VID 12092
Severity 40
Port 1526
Protocol TCP
Class DB
Detailed Description The Informix Dynamic Server appears to be affected by multiple vulnerabilities. Informix Dynamic Server (IDS) is a database developed by IBM. IBM Informix Dynamic Server (IDS) versions prior to 7.31.xD9, 9.x prior to 9.40.xC8, and 10.00 prior to 10.00.xC4 contain multiple vulnerabilities that could be exploited by attackers or malicious users to execute arbitrary commands, bypass security restrictions, disclose sensitive information, or cause a denial of service. Some of these issues could be exploited remotely without authentication.

* References:
http://www-1.ibm.com/support/docview.wss?uid=swg21242921
http://www-1.ibm.com/support/docview.wss?uid=swg21153336
http://secunia.com/advisories/21301/
http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
http://www.frsirt.com/english/advisories/2006/3077

* Platforms Affected:
IBM Informix Dynamic Server versions 10.x prior to 10.00.xC4
IBM Informix Dynamic Server versions 9.x prior to 9.40.xC8
IBM Informix Dynamic Server versions prior to 7.31.xD9
Sun Solaris Any version
IBM AIX Any version
HP-UX Any version
Linux Any version
Microsoft Windows Any version
Recommendation Upgrade to the latest version of Informix Dynamic Server (7.31.xD9, 9.40.xC8, or 10.00.xC4 or later), available from the Informix Web page at http://www-306.ibm.com/software/data/informix/ids/
Related URL CVE-2006-3853,CVE-2006-3855,CVE-2006-3856,CVE-2006-3857,CVE-2006-3858,CVE-2006-3860,CVE-2006-3861,CVE-2006-3862 (CVE)
Related URL 19264 (SecurityFocus)
Related URL 28122,28124,28126,28127,28129,28131,28132,28148,28157,28158 (ISS)