Vulnerabilities > CVE-2004-2131 - Multiple vulnerability in IBM products

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

ibm

exploit available

NVD

Published: 2004-01-27

Updated: 2017-07-11

Summary

Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Informix Dynamic Server 9.40.Uc1 IBM Informix Dynamic Server 9.40.Uc2 IBM Informix Extended Parallel Server 8.40_Uc1	3

Exploit-Db

description	IBM Informix Dynamic Server 9.40/Informix Extended Parallel Server 8.40 Multiple Vulnerabilities (2). CVE-2004-2131. Local exploit for unix platform
id	EDB-ID:23610
last seen	2016-02-02
modified	2003-08-08
published	2003-08-08
reporter	pask
source	https://www.exploit-db.com/download/23610/
title	IBM Informix Dynamic Server 9.40/Informix Extended Parallel Server 8.40 - Multiple Vulnerabilities 2

description	IBM Informix Dynamic Server 9.40/Informix Extended Parallel Server 8.40 Multiple Vulnerabilities (1). CVE-2004-2131. Local exploit for unix platform
id	EDB-ID:23609
last seen	2016-02-02
modified	2003-08-08
published	2003-08-08
reporter	pask
source	https://www.exploit-db.com/download/23609/
title	IBM Informix Dynamic Server 9.40/Informix Extended Parallel Server 8.40 - Multiple Vulnerabilities 1

Summary

Vulnerable Configurations

Exploit-Db

References