Lucene search

MitreCVE-2006-3858

HistoryAug 08, 2006 - 10:04 p.m.

CVE-2006-3858

2006-08-0822:04:00

mitre

web.nvd.nist.gov

ibm

informix dynamic server

ids

plaintext

password

storage

security vulnerability

nvd

cve-2006-3858

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

Percentile

9.8%

JSON

IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772).

Affected configurations

Nvd

Node

ibminformix_dynamic_serverMatch9.4

ibminformix_dynamic_serverMatch9.40.tc5

ibminformix_dynamic_serverMatch9.40.uc1

ibminformix_dynamic_serverMatch9.40.uc2

ibminformix_dynamic_serverMatch9.40.uc3

ibminformix_dynamic_serverMatch9.40.uc5

ibminformix_dynamic_serverMatch9.40.xc5

ibminformix_dynamic_serverMatch9.40.xc7

ibminformix_dynamic_serverMatch10.0

ibminformix_dynamic_serverMatch10.0.xc1

ibminformix_dynamic_serverMatch10.0.xc3

VendorProductVersionCPE
ibminformix_dynamic_server9.4cpe:2.3:a:ibm:informix_dynamic_server:9.4:*:*:*:*:*:*:*
ibminformix_dynamic_server9.40.tc5cpe:2.3:a:ibm:informix_dynamic_server:9.40.tc5:*:*:*:*:*:*:*
ibminformix_dynamic_server9.40.uc1cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:*:*:*:*:*:*:*
ibminformix_dynamic_server9.40.uc2cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:*:*:*:*:*:*:*
ibminformix_dynamic_server9.40.uc3cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc3:*:*:*:*:*:*:*
ibminformix_dynamic_server9.40.uc5cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc5:*:*:*:*:*:*:*
ibminformix_dynamic_server9.40.xc5cpe:2.3:a:ibm:informix_dynamic_server:9.40.xc5:*:*:*:*:*:*:*
ibminformix_dynamic_server9.40.xc7cpe:2.3:a:ibm:informix_dynamic_server:9.40.xc7:*:*:*:*:*:*:*
ibminformix_dynamic_server10.0cpe:2.3:a:ibm:informix_dynamic_server:10.0:*:*:*:*:*:*:*
ibminformix_dynamic_server10.0.xc1cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	informix_dynamic_server	9.4	cpe:2.3:a:ibm:informix_dynamic_server:9.4:::::::*
ibm	informix_dynamic_server	9.40.tc5	cpe:2.3:a:ibm:informix_dynamic_server:9.40.tc5:::::::*
ibm	informix_dynamic_server	9.40.uc1	cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:::::::*
ibm	informix_dynamic_server	9.40.uc2	cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:::::::*
ibm	informix_dynamic_server	9.40.uc3	cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc3:::::::*
ibm	informix_dynamic_server	9.40.uc5	cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc5:::::::*
ibm	informix_dynamic_server	9.40.xc5	cpe:2.3:a:ibm:informix_dynamic_server:9.40.xc5:::::::*
ibm	informix_dynamic_server	9.40.xc7	cpe:2.3:a:ibm:informix_dynamic_server:9.40.xc7:::::::*
ibm	informix_dynamic_server	10.0	cpe:2.3:a:ibm:informix_dynamic_server:10.0:::::::*
ibm	informix_dynamic_server	10.0.xc1	cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc1:::::::*

Rows per page:

1-10 of 111

References

secunia.com/advisories/21301

www-1.ibm.com/support/docview.wss?uid=swg21242921

www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf

www.osvdb.org/27691

www.securityfocus.com/archive/1/443133/100/0/threaded

www.securityfocus.com/archive/1/443195/100/0/threaded

www.securityfocus.com/bid/19264

www.vupen.com/english/advisories/2006/3077

exchange.xforce.ibmcloud.com/vulnerabilities/28132

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

Percentile

9.8%

JSON

Related for CVE-2006-3858