Vulnerability Description
IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772).
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Informix Dynamic Server | 9.4 |
References
- http://secunia.com/advisories/21301PatchVendor Advisory
- http://www-1.ibm.com/support/docview.wss?uid=swg21242921Patch
- http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInform
- http://www.osvdb.org/27691
- http://www.securityfocus.com/archive/1/443133/100/0/threaded
- http://www.securityfocus.com/archive/1/443195/100/0/threaded
- http://www.securityfocus.com/bid/19264Patch
- http://www.vupen.com/english/advisories/2006/3077
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28132
- http://secunia.com/advisories/21301PatchVendor Advisory
- http://www-1.ibm.com/support/docview.wss?uid=swg21242921Patch
- http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInform
- http://www.osvdb.org/27691
- http://www.securityfocus.com/archive/1/443133/100/0/threaded
- http://www.securityfocus.com/archive/1/443195/100/0/threaded
FAQ
What is CVE-2006-3858?
CVE-2006-3858 is a vulnerability with a CVSS score of 2.1 (LOW). IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product...
How severe is CVE-2006-3858?
CVE-2006-3858 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3858?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Informix Dynamic Server.