CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:C/A:C
EPSS
Percentile
98.8%
Added: 05/09/2008
CVE: CVE-2008-0727
BID: 28198
OSVDB: 42701
Informix Dynamic Server is a database solution from IBM. The **oninit.exe**
process listens for connections on port 1526/TCP.
The **oninit.exe**
process does not sufficiently check the length of command-line arguments passed to the **sqlexec**
program. This allows remote attackers to execute commands by specifying a long, specially crafted password argument.
Apply one of the updates referenced in ZDI-08-012.
<http://www.zerodayinitiative.com/advisories/ZDI-08-012/>
Exploit works on Informix Dynamic Server 10.00.TC3.
Windows