----------------------------------------------------------------------

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI
has been released. The new version includes many new and advanced
features, which makes it even easier to stay patched.

Download and test it today:
https://psi.secunia.com/

Read more about this new version:
https://psi.secunia.com/?page=changelog

----------------------------------------------------------------------

TITLE:
IBM Informix Dynamic Server Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA29272

VERIFY ADVISORY:
http://secunia.com/advisories/29272/

CRITICAL:
Moderately critical

IMPACT:
Unknown, DoS, System access

WHERE:
>From local network

SOFTWARE:
IBM Informix Dynamic Server 10.x
http://secunia.com/product/11204/
IBM Informix Dynamic Server 11.x
http://secunia.com/product/17365/
IBM Informix Dynamic Server 7.x
http://secunia.com/product/3367/
IBM Informix Dynamic Server 9.x
http://secunia.com/product/1510/

DESCRIPTION:
Some vulnerabilities have been reported in IBM Informix Dynamic
Server, where some have unknown impacts and others can potentially be
exploited to compromise a vulnerable system.

1) An unspecified error within the handling of malformed connection
requests can be exploited by sending a specially crafted packet.

2) A boundary error related to "DBPATH" can be exploited to cause a
buffer overflow.

3) A boundary error within the processing of authentication passwords
can be exploited to cause a buffer overflow.

SOLUTION:
Restrict network access to the system.

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits MWR InfoSecurity.
2, 3) The vendor credits the Zero Day Initiative.

ORIGINAL ADVISORY:
IBM:
http://www-1.ibm.com/support/docview.wss?uid=swg1IC55225
http://www-1.ibm.com/support/docview.wss?uid=swg1IC55224
http://www-1.ibm.com/support/docview.wss?uid=swg1IC55208
http://www-1.ibm.com/support/docview.wss?uid=swg1IC55207
http://www-1.ibm.com/support/docview.wss?uid=swg1IC55209
http://www-1.ibm.com/support/docview.wss?uid=swg1IC55210

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------