IBM Informix Dynamic Server Buffer Overflow Vulnerability

by Carol~ Moderator - 12/7/12 6:22 AM

In Reply to: VULNERABILITIES / FIXES - December 07, 2012 by Carol~ Moderator

Release Date : 2012-12-07

Criticality level : Less critical
Impact : System access
Where : From local network
Solution Status : Vendor Patch

Software: IBM Informix Dynamic Server 11.x

Description:
A vulnerability has been reported in IBM Informix Dynamic Server, which can be exploited by malicious users to compromise a vulnerable system.

The vulnerability is caused by an error when processing certain unspecified SQL statements and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 11.50.xC9W2 and prior and version 11.70.xC7 and prior.

Solution:
Update to a version with a fix greater than 11.50.xC9W2 or 11.70.xC7.

Provided and/or discovered by:
The vendor credits IOActive Inc.

Original Advisory:
IBM:
https://www.ibm.com/support/docview.wss?uid=swg21618994

http://secunia.com/advisories/51506/