Vulnerabilities > CVE-2008-0949 - Remote vulnerability in IBM Informix Dynamic Server

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

ibm

critical

NVD

Published: 2008-03-18

Updated: 2017-08-08

Summary

Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet. IBM links require software support sign in to access information.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Informix Dynamic Server 7.3 IBM Informix Dynamic Server 7.31.Xd8 IBM Informix Dynamic Server 7.31.Xd9 IBM Informix Dynamic Server 9.3 IBM Informix Dynamic Server 9.4 IBM Informix Dynamic Server 9.40.Tc5 IBM Informix Dynamic Server 9.40.Uc1 IBM Informix Dynamic Server 9.40.Uc2 IBM Informix Dynamic Server 9.40.Uc3 IBM Informix Dynamic Server 9.40.Uc5 IBM Informix Dynamic Server 9.40.Xd8 IBM Informix Dynamic Server 9.40_Xc7 IBM Informix Dynamic Server 10.0 IBM Informix Dynamic Server 10.0.Xc3 IBM Informix Dynamic Server 10.0.Xc4 IBM Informix Dynamic Server 10.00.Xc7W1 IBM Informix Dynamic Server 11.10.Xc2	17

Saint

bid	28198
description	Informix Dynamic Server sqlexec password argument buffer overflow
id	database_informix_idsver
osvdb	42701
title	informix_sqlexec_password
type	remote

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 28198 CVE(CAN) ID: CVE-2008-0727,CVE-2008-0949 IBM Informix Dynamic Server为企业提供运行业务所需的任务关键型数据基础设施。 Informix Dynamic Server默认监听于TCP 1526端口的oninit.exe进程在认证期间没有验证DBPATH变量和用户口令的长度，如果用户提供了超长的变量名或口令的话，就可以触发缓冲区溢出，导致执行任意指令。 IBM Informix Dynamic Server 9.x IBM Informix Dynamic Server 7.x IBM Informix Dynamic Server 11.x IBM Informix Dynamic Server 10.x IBM --- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href=http://www-1.ibm.com/support/docview.wss?uid=swg1IC55225 target=_blank>http://www-1.ibm.com/support/docview.wss?uid=swg1IC55225</a> <a href=http://www-1.ibm.com/support/docview.wss?uid=swg1IC55224 target=_blank>http://www-1.ibm.com/support/docview.wss?uid=swg1IC55224</a> <a href=http://www-1.ibm.com/support/docview.wss?uid=swg1IC55208 target=_blank>http://www-1.ibm.com/support/docview.wss?uid=swg1IC55208</a> <a href=http://www-1.ibm.com/support/docview.wss?uid=swg1IC55207 target=_blank>http://www-1.ibm.com/support/docview.wss?uid=swg1IC55207</a> <a href=http://www-1.ibm.com/support/docview.wss?uid=swg1IC55209 target=_blank>http://www-1.ibm.com/support/docview.wss?uid=swg1IC55209</a> <a href=http://www-1.ibm.com/support/docview.wss?uid=swg1IC55210 target=_blank>http://www-1.ibm.com/support/docview.wss?uid=swg1IC55210</a>
id	SSV:3042
last seen	2017-11-19
modified	2008-03-17
published	2008-03-17
reporter	Root
title	IBM Informix Dynamic Server多个远程溢出漏洞

Summary

Vulnerable Configurations

Saint

Seebug

References