Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2319

Overview

Vulnerability Score 3.6 3.6
CVE Id CVE-2004-2319
Last Modified 05 Sep 2008 04:43:48
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-2319

Summary

IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit.

Vulnerable Systems

Application

  • Ibm Informix Dynamic Server 9.40.uc1

  • Ibm Informix Dynamic Server 9.40.uc2

  • Ibm Informix Extended Parallel Server 8.40 Uc1

  • Ibm Informix Extended Parallel Server 8.40 Uc2


References

BID - 9512

BID - 9511

SECUNIA - 10737

XF - informix-onedcu-symlink-attack(14971)

XF - informix-onshowaudit-information-disclosure(14969)

BUGTRAQ - 20040129 ----------========== OPEN3S-2003-08-08-eng-informix-onedcu ==========----------

OSVDB - 3760

OSVDB - 3758

CONFIRM - http://www-1.ibm.com/support/docview.wss?uid=swg21153336


Last Updated: 27 May 2016 10:39:26