ID CVE-2006-3860
Summary IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows remote authenticated users to execute arbitrary commands via the (1) "SET DEBUG FILE" SQL command, and the (2) start_onpload and (3) dbexp functions.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:informix_dynamic_database_server:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:informix_dynamic_database_server:7.31_.xd8:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:informix_dynamic_database_server:9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.xc7:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:informix_dynamic_database_server:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:informix_dynamic_database_server:10.0_xc3:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-10-2018 - 21:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 19264
bugtraq
  • 20060814 Informix - Discovery, Attack and Defense
  • 20060814 Multiple Arbitrary Command Execution Vulnerabilities
confirm http://www-1.ibm.com/support/docview.wss?uid=swg21242921
misc http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
osvdb 27686
secunia 21301
sreason 1407
vupen ADV-2006-3077
xf
  • informix-setdebug-command-execution(28124)
  • informix-sysmaster-command-execution(28121)
Last major update 17-10-2018 - 21:32
Published 17-08-2006 - 01:04
Last modified 17-10-2018 - 21:32