Vulnerability Monitor

CVE-2010-4069


Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022, and idsdb00165023.


Published

2010-10-25T20:01:06.283

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 8.5 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score

6.8

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-119

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ibm | informix_dynamic_server | 7.31 | Yes |
| Application | ibm | informix_dynamic_server | 9.40.tc5 | Yes |
| Application | ibm | informix_dynamic_server | 9.40.uc1 | Yes |
| Application | ibm | informix_dynamic_server | 9.40.uc2 | Yes |
| Application | ibm | informix_dynamic_server | 9.40.uc3 | Yes |
| Application | ibm | informix_dynamic_server | 9.40.uc5 | Yes |
| Application | ibm | informix_dynamic_server | 9.40.xc5 | Yes |
| Application | ibm | informix_dynamic_server | 9.40.xc7 | Yes |
| Application | ibm | informix_dynamic_server | 10.00 | Yes |
| Application | ibm | informix_dynamic_server | 10.00.tc3tl | Yes |
| Application | ibm | informix_dynamic_server | 10.00.xc1 | Yes |
| Application | ibm | informix_dynamic_server | 10.00.xc2 | Yes |
| Application | ibm | informix_dynamic_server | 10.00.xc3 | Yes |
| Application | ibm | informix_dynamic_server | 10.00.xc4 | Yes |
| Application | ibm | informix_dynamic_server | 10.00.xc5 | Yes |
| Application | ibm | informix_dynamic_server | 10.00.xc6 | Yes |
| Application | ibm | informix_dynamic_server | 10.00.xc7w1 | Yes |
| Application | ibm | informix_dynamic_server | 10.00.xc8 | Yes |
| Application | ibm | informix_dynamic_server | 10.00.xc9 | Yes |
| Application | ibm | informix_dynamic_server | 10.00.xc10 | Yes |
| Application | ibm | informix_dynamic_server | 11.10 | Yes |
| Application | ibm | informix_dynamic_server | 11.10.tb4tl | Yes |
| Application | ibm | informix_dynamic_server | 11.10.xc1 | Yes |
| Application | ibm | informix_dynamic_server | 11.10.xc1de | Yes |
| Application | ibm | informix_dynamic_server | 11.10.xc2 | Yes |
| Application | ibm | informix_dynamic_server | 11.10.xc2e | Yes |
| Application | ibm | informix_dynamic_server | 11.50 | Yes |
| Application | ibm | informix_dynamic_server | 11.50.xc1 | Yes |
| Application | ibm | informix_dynamic_server | 11.50.xc2 | Yes |

References