Lucene search

MitreCVE-2004-2131

HistoryMay 27, 2005 - 4:00 a.m.

CVE-2004-2131

2005-05-2704:00:00

mitre

web.nvd.nist.gov

cve-2004-2131

stack-based buffer overflow

ibm informix dynamic server

ids

nvd

buffer overflow

security vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

Percentile

0.4%

JSON

Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable.

Affected configurations

Nvd

Node

ibminformix_dynamic_serverMatch9.40.uc1

ibminformix_dynamic_serverMatch9.40.uc2

ibminformix_extended_parallel_serverMatch8.40_uc1

VendorProductVersionCPE
ibminformix_dynamic_server9.40.uc1cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:*:*:*:*:*:*:*
ibminformix_dynamic_server9.40.uc2cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:*:*:*:*:*:*:*
ibminformix_extended_parallel_server8.40_uc1cpe:2.3:a:ibm:informix_extended_parallel_server:8.40_uc1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	informix_dynamic_server	9.40.uc1	cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:::::::*
ibm	informix_dynamic_server	9.40.uc2	cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:::::::*
ibm	informix_extended_parallel_server	8.40_uc1	cpe:2.3:a:ibm:informix_extended_parallel_server:8.40_uc1:::::::*

References

marc.info/?l=bugtraq&m=107539878804074&w=2

secunia.com/advisories/10737/

www-1.ibm.com/support/docview.wss?uid=swg21153336

www.osvdb.org/3759

www.securityfocus.com/bid/9512

exchange.xforce.ibmcloud.com/vulnerabilities/14970

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2004-2131