IBM Informix Dynamic Server SQLIDEBUG unspecified
| ibm-ids-sqlidebug-unspecified (40009) |  Low Risk |
Description:
An unspecified vulnerability in IBM Informix Dynamic Server could allow a local attacker to create files using unknown attack vectors related to the SQLIDEBUG environment variable.
Platforms Affected:
- IBM, Informix Dynamic Server 10.00
Remedy:
Apply the patch for your system, as listed in IBM APAR IC54309. See References.
Consequences:
Gain Access
References:
- IBM APAR IC54309, SECURITY: SQLIDEBUG FILE CREATION VULNERABILITY at http://www-1.ibm.com/support/docview.wss?rs=203&context=SW000&dc=DB550&dc=D100&q1=Security+vulnerability&uid=swg1IC54309.
- BID-27328: IBM Informix Dynamic Server 'SQLIDEBUG' and 'onedcu' Local Privilege Escalation Vulnerabilities
- CVE-2008-0369: Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs.
- SA28534: IBM Informix Dynamic Server Unspecified File Creation Vulnerabilities
- SECTRACK ID: 1019237: Informix onedcu and sqlidebug File Creation Flaws Have Unspecified Impact
- VUPEN/ADV-2008-0169: IBM Informix Dynamic Server ONEDCU and SQLIDEBUG File Creation
Reported:
Jan 17, 2008
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net