Lucene search

SAINT CorporationSAINT:76FF2B35C18742C815C23835A7059378

HistoryMay 09, 2008 - 12:00 a.m.

Informix Dynamic Server sqlexec password argument buffer overflow

2008-05-0900:00:00

SAINT Corporation

download.saintcorporation.com

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:C/A:C

EPSS

0.889

Percentile

98.8%

JSON

Added: 05/09/2008
CVE: CVE-2008-0727
BID: 28198
OSVDB: 42701

Background

Informix Dynamic Server is a database solution from IBM. The **oninit.exe** process listens for connections on port 1526/TCP.

Problem

The **oninit.exe** process does not sufficiently check the length of command-line arguments passed to the **sqlexec** program. This allows remote attackers to execute commands by specifying a long, specially crafted password argument.

Resolution

Apply one of the updates referenced in ZDI-08-012.

References

<http://www.zerodayinitiative.com/advisories/ZDI-08-012/>

Limitations

Exploit works on Informix Dynamic Server 10.00.TC3.

Platforms

Windows

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:C/A:C

EPSS

0.889

Percentile

98.8%

JSON

Related for SAINT:76FF2B35C18742C815C23835A7059378