IBM Informix Dynamic Server ONEDCU unspecified
| ibm-ids-onedcu-unspecified (39751) |  Low Risk |
Description:
An unspecified vulnerability in IBM Informix Dynamic Server could allow a local attacker to create files using unknown attack vectors related to the ONEDCU program.
Platforms Affected:
- IBM, Informix Dynamic Server prior to 10.00.xC8
Remedy:
Apply the patch for your system, as listed in IBM APAR IC54307. See References.
Consequences:
Gain Access
References:
- IBM APAR IC54307, SECURITY: SERVER ONEDCU FILE CREATION VULNERABILITY at http://www-1.ibm.com/support/docview.wss?rs=203&context=SW000&dc=DB550&dc=D100&q1=Security+vulnerability&uid=swg1IC54307.
- BID-27328: IBM Informix Dynamic Server 'SQLIDEBUG' and 'onedcu' Local Privilege Escalation Vulnerabilities
- CVE-2008-0368: onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows local users to create arbitrary files via the Trace file argument.
- FrSIRT/ADV-2008-0169: IBM Informix Dynamic Server ONEDCU and SQLIDEBUG File Creation
- SA28534: IBM Informix Dynamic Server Unspecified File Creation Vulnerabilities
- SECTRACK ID: 1019237: Informix onedcu and sqlidebug File Creation Flaws Have Unspecified Impact
Reported:
Jan 17, 2008
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net