Vulnerabilities > CVE-2008-0369 - Local Privilege Escalation vulnerability in IBM Informix Dynamic Server 10.00

CVSS 6.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

ibm

NVD

Published: 2008-01-19

Updated: 2017-08-08

Summary

Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Informix Dynamic Server 10.00	1

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650
http://secunia.com/advisories/28534
http://www.securityfocus.com/bid/27328
http://www.securitytracker.com/id?1019237
http://www.vupen.com/english/advisories/2008/0169
http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309
http://www-1.ibm.com/support/docview.wss?uid=swg27011556
https://exchange.xforce.ibmcloud.com/vulnerabilities/39751
https://exchange.xforce.ibmcloud.com/vulnerabilities/40009