Lucene search

MitreCVE-2006-5163

HistoryOct 05, 2006 - 4:04 a.m.

CVE-2006-5163

2006-10-0504:04:00

mitre

web.nvd.nist.gov

cve-2006-5163

ibm

informix

dynamic

server

linux

security

insecure permissions

symlink attack

nvd

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

AI Score

6.7

Confidence

Low

EPSS

Percentile

9.8%

JSON

IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack.

Affected configurations

Nvd

Node

ibminformix_dynamic_serverMatch10.uc_rc1trial_linux

VendorProductVersionCPE
ibminformix_dynamic_server10.uc_rc1cpe:2.3:a:ibm:informix_dynamic_server:10.uc_rc1:*:trial_linux:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	informix_dynamic_server	10.uc_rc1	cpe:2.3:a:ibm:informix_dynamic_server:10.uc_rc1::trial_linux:::::

References

archives.neohapsis.com/archives/fulldisclosure/2006-10/0013.html

secunia.com/advisories/22223

securityreason.com/securityalert/1686

www.osvdb.org/29349

www.securityfocus.com/archive/1/447501/100/0/threaded

www.securityfocus.com/bid/20300

www.vupen.com/english/advisories/2006/3883

exchange.xforce.ibmcloud.com/vulnerabilities/29297

exchange.xforce.ibmcloud.com/vulnerabilities/29300

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

AI Score

6.7

Confidence

Low

EPSS

Percentile

9.8%

JSON

Related for CVE-2006-5163