Lucene search

MitreCVE-2006-3861

HistoryAug 08, 2006 - 10:04 p.m.

CVE-2006-3861

2006-08-0822:04:00

mitre

web.nvd.nist.gov

ibm informix

ids

cve-2006-3861

database creation

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.004

Percentile

72.9%

JSON

IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases.

Affected configurations

Nvd

Node

ibminformix_dynamic_serverMatch7.31

ibminformix_dynamic_serverMatch9.4

ibminformix_dynamic_serverMatch9.40.tc5

ibminformix_dynamic_serverMatch9.40.uc1

ibminformix_dynamic_serverMatch9.40.uc2

ibminformix_dynamic_serverMatch9.40.uc3

ibminformix_dynamic_serverMatch9.40.uc5

ibminformix_dynamic_serverMatch9.40.xc5

ibminformix_dynamic_serverMatch10.0

ibminformix_dynamic_serverMatch10.0.xc1

VendorProductVersionCPE
ibminformix_dynamic_server7.31cpe:2.3:a:ibm:informix_dynamic_server:7.31:*:*:*:*:*:*:*
ibminformix_dynamic_server9.4cpe:2.3:a:ibm:informix_dynamic_server:9.4:*:*:*:*:*:*:*
ibminformix_dynamic_server9.40.tc5cpe:2.3:a:ibm:informix_dynamic_server:9.40.tc5:*:*:*:*:*:*:*
ibminformix_dynamic_server9.40.uc1cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:*:*:*:*:*:*:*
ibminformix_dynamic_server9.40.uc2cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:*:*:*:*:*:*:*
ibminformix_dynamic_server9.40.uc3cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc3:*:*:*:*:*:*:*
ibminformix_dynamic_server9.40.uc5cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc5:*:*:*:*:*:*:*
ibminformix_dynamic_server9.40.xc5cpe:2.3:a:ibm:informix_dynamic_server:9.40.xc5:*:*:*:*:*:*:*
ibminformix_dynamic_server10.0cpe:2.3:a:ibm:informix_dynamic_server:10.0:*:*:*:*:*:*:*
ibminformix_dynamic_server10.0.xc1cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	informix_dynamic_server	7.31	cpe:2.3:a:ibm:informix_dynamic_server:7.31:::::::*
ibm	informix_dynamic_server	9.4	cpe:2.3:a:ibm:informix_dynamic_server:9.4:::::::*
ibm	informix_dynamic_server	9.40.tc5	cpe:2.3:a:ibm:informix_dynamic_server:9.40.tc5:::::::*
ibm	informix_dynamic_server	9.40.uc1	cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:::::::*
ibm	informix_dynamic_server	9.40.uc2	cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:::::::*
ibm	informix_dynamic_server	9.40.uc3	cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc3:::::::*
ibm	informix_dynamic_server	9.40.uc5	cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc5:::::::*
ibm	informix_dynamic_server	9.40.xc5	cpe:2.3:a:ibm:informix_dynamic_server:9.40.xc5:::::::*
ibm	informix_dynamic_server	10.0	cpe:2.3:a:ibm:informix_dynamic_server:10.0:::::::*
ibm	informix_dynamic_server	10.0.xc1	cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc1:::::::*

References

secunia.com/advisories/21301

www-1.ibm.com/support/docview.wss?uid=swg21242921

www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf

www.osvdb.org/27692

www.securityfocus.com/archive/1/443133/100/0/threaded

www.securityfocus.com/archive/1/443192/100/0/threaded

www.securityfocus.com/bid/19264

www.vupen.com/english/advisories/2006/3077

exchange.xforce.ibmcloud.com/vulnerabilities/28148

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.004

Percentile

72.9%

JSON

Related for CVE-2006-3861