Vulnerability Description
Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Informix Dynamic Server | 10.00 |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650
- http://secunia.com/advisories/28534Vendor Advisory
- http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309
- http://www-1.ibm.com/support/docview.wss?uid=swg27011556
- http://www.securityfocus.com/bid/27328
- http://www.securitytracker.com/id?1019237
- http://www.vupen.com/english/advisories/2008/0169Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39751
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40009
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650
- http://secunia.com/advisories/28534Vendor Advisory
- http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309
- http://www-1.ibm.com/support/docview.wss?uid=swg27011556
- http://www.securityfocus.com/bid/27328
- http://www.securitytracker.com/id?1019237
FAQ
What is CVE-2008-0369?
CVE-2008-0369 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable...
How severe is CVE-2008-0369?
CVE-2008-0369 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0369?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Informix Dynamic Server.