CVE-2010-4069:informix_dynamic_server: Stack-based buffer overflow in IBM Informix Dynamic...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-4069

informix_dynamic_server: Stack-based buffer overflow in IBM Informix Dynamic...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4069

Original

Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022, and idsdb00165023.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-10-25

Source Information Category:

Advisory, Alert

Last Updated:

2010-10-26

Affected Product Tags

cpe:/a:ibm:informix_dynamic_server:10.00

cpe:/a:ibm:informix_dynamic_server:10.00.tc3tl

cpe:/a:ibm:informix_dynamic_server:10.00.xc1

cpe:/a:ibm:informix_dynamic_server:10.00.xc10

cpe:/a:ibm:informix_dynamic_server:10.00.xc2

cpe:/a:ibm:informix_dynamic_server:10.00.xc3

cpe:/a:ibm:informix_dynamic_server:10.00.xc4

cpe:/a:ibm:informix_dynamic_server:10.00.xc5

cpe:/a:ibm:informix_dynamic_server:10.00.xc6

cpe:/a:ibm:informix_dynamic_server:10.00.xc7w1

cpe:/a:ibm:informix_dynamic_server:10.00.xc8

cpe:/a:ibm:informix_dynamic_server:10.00.xc9

cpe:/a:ibm:informix_dynamic_server:11.50

cpe:/a:ibm:informix_dynamic_server:7.31

cpe:/a:ibm:informix_dynamic_server:9.40.tc5

cpe:/a:ibm:informix_dynamic_server:9.40.uc1

cpe:/a:ibm:informix_dynamic_server:9.40.uc2

cpe:/a:ibm:informix_dynamic_server:9.40.uc3

cpe:/a:ibm:informix_dynamic_server:9.40.uc5

cpe:/a:ibm:informix_dynamic_server:9.40.xc5

cpe:/a:ibm:informix_dynamic_server:9.40.xc7

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

MISC http://www.zerodayinitiative.com/advisories/ZDI-10-217/

OSVDB 68707

SECUNIA 41914

VUPEN ADV-2010-2735

Vulnerability Type Buffer Errors (CWE-119)