Lucene search

MitreCVE-2004-2489

HistoryOct 25, 2005 - 4:00 a.m.

CVE-2004-2489

2005-10-2504:00:00

mitre

web.nvd.nist.gov

ibm

informix dynamic server

ids

vulnerability

format string

arbitrary code

local users

nvd

cve-2004-2489

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

44.3%

JSON

Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename.

Affected configurations

Nvd

Node

ibminformix_dynamic_serverMatch9.40.uc1

ibminformix_dynamic_serverMatch9.40.uc2

VendorProductVersionCPE
ibminformix_dynamic_server9.40.uc1cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:*:*:*:*:*:*:*
ibminformix_dynamic_server9.40.uc2cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	informix_dynamic_server	9.40.uc1	cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:::::::*
ibm	informix_dynamic_server	9.40.uc2	cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:::::::*

References

marc.info/?l=bugtraq&m=107524391217364&w=2

secunia.com/advisories/10737

www-1.ibm.com/support/docview.wss?uid=swg21153336

www.osvdb.org/3757

www.securityfocus.com/bid/9511

exchange.xforce.ibmcloud.com/vulnerabilities/14967

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

44.3%

JSON

Related for CVE-2004-2489