---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package. http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Informix Dynamic Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA21301 VERIFY ADVISORY: http://secunia.com/advisories/21301/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information, DoS, System access WHERE: >From local network SOFTWARE: IBM Informix Dynamic Server 9.x http://secunia.com/product/1510/ IBM Informix Dynamic Server 7.x http://secunia.com/product/3367/ IBM Informix Dynamic Server 10.x http://secunia.com/product/11204/ DESCRIPTION: Multiple vulnerabilities have been reported in Informix Dynamic Server, which can be exploited by malicious users to cause a DoS (Denial of Service), gain knowledge of sensitive information, or compromise the system. 1) A boundary error in the "DBINFO()" function can be exploited to cause a buffer overflow. 2) A boundary error in the "LOTOFILE()" function can be exploited to cause a buffer overflow. 3) A boundary error in the "FILETOCLOB()" function can be exploited to cause a buffer overflow. 4) It's possible to execute arbitrary commands via the "dbimp" and "dbexp" procedures in sysmaster. 5) A boundary error within the handling of usernames can be exploited to cause a buffer overflow via an overly long username. 6) It's possible to execute arbitrary commands via a "SET DEBUG FILE" statement. 7) A boundary error within the handling of "SET DEBUG FILE" statements can be exploited to cause a buffer overflow. 8) A boundary error in the "getname()" function can be exploited to cause a buffer overflow. 9) It's possible to upgrade privileges via C code UDR. 10) Two unspecified errors can be exploited to cause a DoS. 11) User passwords are stored in plain text in shared memory. 12) Any user has permissions to create a database. 13) A boundary error in the "ifx_file_to_file()" function can be exploited to cause a buffer overflow. 14) A boundary error within the handling of the "SQLIDEBUG" environment variable can be exploited to cause a buffer overflow. The vulnerabilities have been reported in versions 7.3, 9.4, and 10.0. Prior versions may also be affected. SOLUTION: Update to version 7.31.xD9, 9.40.xC8, or 10.00.xC4. PROVIDED AND/OR DISCOVERED BY: The vendor credits David Litchfield and the team at Next Generation Security Software. ORIGINAL ADVISORY: IBM: http://www-1.ibm.com/support/docview.wss?uid=swg21242921 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------