[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-0369Date: (C)2008-01-18   (M)2023-12-22


Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.9
Exploit Score: 3.4
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1019237
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650
BID-27328
SECUNIA-28534
ADV-2008-0169
IC54309
http://www-1.ibm.com/support/docview.wss?uid=swg27011556
ibm-ids-onedcu-sqlidebug-unspecified(39751)
ibm-ids-sqlidebug-unspecified(40009)

CPE    1
cpe:/a:ibm:informix_dynamic_server:10.00

© SecPod Technologies