6.5

CVE-2006-3857

EPSS 4.24%
Published 08.08.2006 22:04:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179).

Affected products Warnungen 0 Metrics 2 CWE 0 References 22

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Informix Dynamic Database Server Version9.3

Ibm ≫ Informix Dynamic Database Server Version9.40.tc1

Ibm ≫ Informix Dynamic Database Server Version9.40.tc2

Ibm ≫ Informix Dynamic Database Server Version9.40.tc3

Ibm ≫ Informix Dynamic Database Server Version9.40.tc4

Ibm ≫ Informix Dynamic Database Server Version9.40.tc5

Ibm ≫ Informix Dynamic Database Server Version9.40.uc1

Ibm ≫ Informix Dynamic Database Server Version9.40.uc2

Ibm ≫ Informix Dynamic Database Server Version9.40.uc3

Ibm ≫ Informix Dynamic Database Server Version10.00.tc1

Ibm ≫ Informix Dynamic Database Server Version10.00.tc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.24%	0.877

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

http://secunia.com/advisories/21301

Patch

Vendor Advisory

http://www-1.ibm.com/support/docview.wss?uid=swg21242921

Patch

http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf

http://www.securityfocus.com/archive/1/443133/100/0/threaded

http://www.securityfocus.com/bid/19264

Patch

http://www.vupen.com/english/advisories/2006/3077

http://www.securityfocus.com/archive/1/443210/100/0/threaded

http://www.osvdb.org/27681

http://www.osvdb.org/27682

http://www.osvdb.org/27683

http://www.osvdb.org/27687

http://www.osvdb.org/27688

http://www.osvdb.org/27693

https://exchange.xforce.ibmcloud.com/vulnerabilities/28118

https://exchange.xforce.ibmcloud.com/vulnerabilities/28119

https://exchange.xforce.ibmcloud.com/vulnerabilities/28120

https://exchange.xforce.ibmcloud.com/vulnerabilities/28126

https://exchange.xforce.ibmcloud.com/vulnerabilities/28127

https://exchange.xforce.ibmcloud.com/vulnerabilities/28157

https://nvd.nist.gov/vuln/detail/CVE-2006-3857

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-3857

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-3857

EUVD