[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

254492

 
 

909

 
 

198437

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2004-2319Date: (C)2004-12-31   (M)2023-12-22


IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.6
Exploit Score: 3.9
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-10737
http://www.securityfocus.com/archive/1/351770
OSVDB-3758
OSVDB-3760
BID-9511
BID-9512
http://www-1.ibm.com/support/docview.wss?uid=swg21153336
informix-onedcu-symlink-attack(14971)
informix-onshowaudit-information-disclosure(14969)

CPE    4
cpe:/a:ibm:informix_extended_parallel_server:8.40_uc1
cpe:/a:ibm:informix_extended_parallel_server:8.40_uc2
cpe:/a:ibm:informix_dynamic_server:9.40.uc1
cpe:/a:ibm:informix_dynamic_server:9.40.uc2
...

© SecPod Technologies