ID CVE-2004-2319
Summary IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:informix_extended_parallel_server:8.40_uc1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:informix_extended_parallel_server:8.40_uc2:*:*:*:*:*:*:*
CVSS
Base: 3.6 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:N
refmap via4
bid
  • 9511
  • 9512
bugtraq 20040129 ----------========== OPEN3S-2003-08-08-eng-informix-onedcu ==========----------
confirm http://www-1.ibm.com/support/docview.wss?uid=swg21153336
osvdb
  • 3758
  • 3760
secunia 10737
xf
  • informix-onedcu-symlink-attack(14971)
  • informix-onshowaudit-information-disclosure(14969)
Last major update 11-07-2017 - 01:31
Published 31-12-2004 - 05:00
Last modified 11-07-2017 - 01:31