|
 |
|
IBM Informix Database Multiple Local Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA10737
|
|
|
Release Date:
|
2004-01-28
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Privilege escalation
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | IBM Informix Dynamic Server 9.x
IBM Informix Extended Parallel Server 8.x
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
IBM has issued updates for Informix. These fix multiple vulnerabilities allowing malicious users to escalate their privileges.
1) Multiple executable files with setuid attributes contain boundary errors in the handling of the "GL_PATH" environment variable. This can be exploited by malicious local users to cause a buffer overflow and execute arbitrary code with escalated privileges.
2) Certain executable files open and parse files when executed. The parsing of certain files is flawed and contain a format string vulnerability which can be exploited by editing these files. Normally these files aren't accessible, however, users can change the "INFORMIXDIR" environment variable so the files are read from a different location.
3) The program "onshowaudit" try to read files from "/tmp" with root privileges. This can be exploited by malicious local users to see the content of arbitrary files by linking from the files in "/tmp" to files with sensitive data, such as "/etc/shadow".
4) The "ontape" binary contains a boundary error which allows malicious local users to cause a buffer overflow by setting a long "ONCONFIG" environment variable. This can be exploited to gain root privileges.
5) The "onedcu" executable doesn't drop privileges before writing to the log file "\001". This can be exploited to overwrite arbitrary files by creating links.
According to vendor this affects:
IBM Informix Dynamic Server (IDS) 9.40.xC1
IBM Informix Extended Parallel Server (XPS) version 8.40.UCx
Solution:
Contact Customer Services for an upgrade to IBM Informix Dynamic Server 9.40.UC3 or IBM Informix Extended Parallel Server 8.40.UD1.
IBM has suggested workarounds for these issue, see original advisory:
http://www-1.ibm.com/support/docview.wss?uid=swg21153336
Provided and/or discovered by:
Issue 1 and 2 was reported by KF
Issue 3, 4 and 5 was reported by Juan Manuel Pascual Escriba
Original Advisory:
http://www-1.ibm.com/support/docview.wss?uid=swg21153336
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
3 Related Secunia Security Advisories
|
|
|
1. IBM Informix Dynamic Server Multiple Vulnerabilities
|
|
2. IBM Informix Dynamic Server File Creation Vulnerabilities
|
|
3. Informix Dynamic Server Multiple Vulnerabilities
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
