7.5

CVE-2006-3862

Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmInformix Dynamic Server Version9.40.tc5
IbmInformix Dynamic Server Version9.40.uc5
IbmInformix Dynamic Server Version9.40.xc5
IbmInformix Dynamic Server Version10.0.tc1
IbmInformix Dynamic Server Version10.0.xc1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.58% 0.88
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/21301
http://www-1.ibm.com/support/docview.wss?uid=swg21242921
Patch
http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
http://www.securityfocus.com/archive/1/443133/100/0/threaded
http://www.securityfocus.com/bid/19264
http://www.vupen.com/english/advisories/2006/3077
http://www.osvdb.org/27694
http://www.securityfocus.com/archive/1/443165/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/28158