IBM Informix Dynamic Server multiple security vulnerabilities
Published:		06.02.2008
Source:		BUGTRAQ
SecurityVulns ID:		8635
Type:		remote
Level:		5/10
Description:		SQLIDEBUG and onedcu operators allow to access arbitrary files.

Affected:		IBM : Informix Dynamic Server 10.00
CVE:		CVE-2008-0369 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows attackers to create files via unspecified vectors involving the SQLIDEBUG environment variable.)
		CVE-2008-0368 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows attackers to create files via unspecified vectors involving the onedcu program.)

Original document		IDEFENSE, iDefense Security Advisory 01.31.08: IBM Informix Dynamic Server onedcu File Creation Vulnerability (06.02.2008)
		IDEFENSE, iDefense Security Advisory 01.31.08: IBM Informix Dynamic Server SQLIDEBUG File Creation Vulnerability (06.02.2008)

Discuss:

Read or add your comments to this news (0 comments)