CVE-2006-3860

Sažetak

IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows allows remote authenticated users to execute arbitrary commands via the (1) "SET DEBUG FILE" SQL command, and the (2) start_onpload and (3) dbexp functions.

Reference

http://secunia.com/advisories/21301
http://securityreason.com/securityalert/1407
http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
http://www.osvdb.org/27686
http://www.securityfocus.com/archive/1/443133/100/0/threaded
http://www.securityfocus.com/archive/1/443185/100/0/threaded
http://www.securityfocus.com/bid/19264
http://www.vupen.com/english/advisories/2006/3077
http://www-1.ibm.com/support/docview.wss?uid=swg21242921
https://exchange.xforce.ibmcloud.com/vulnerabilities/28121
https://exchange.xforce.ibmcloud.com/vulnerabilities/28124

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

17-10-2018 - 21:32

Objavljeno

17-08-2006 - 01:04