Vulnerability Description
Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Informix Dynamic Database Server | 9.3 |
References
- http://secunia.com/advisories/21301PatchVendor Advisory
- http://www-1.ibm.com/support/docview.wss?uid=swg21242921Patch
- http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInform
- http://www.osvdb.org/27681
- http://www.osvdb.org/27682
- http://www.osvdb.org/27683
- http://www.osvdb.org/27687
- http://www.osvdb.org/27688
- http://www.osvdb.org/27693
- http://www.securityfocus.com/archive/1/443133/100/0/threaded
- http://www.securityfocus.com/archive/1/443210/100/0/threaded
- http://www.securityfocus.com/bid/19264Patch
- http://www.vupen.com/english/advisories/2006/3077
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28118
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28119
FAQ
What is CVE-2006-3857?
CVE-2006-3857 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as us...
How severe is CVE-2006-3857?
CVE-2006-3857 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3857?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Informix Dynamic Database Server.