CVE-2017-1310
https://notcve.org/view.php?id=CVE-2017-1310
IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts of the file system and cause the server to crash. IBM X-Force ID: 125569. IBM Informix Dynamic Server 12.1 podría permitir que un usuario autenticado provoque un desbordamiento de búfer que podría escribir archivos grandes de fallo de aserción en el servidor. Si se hace un número de veces suficiente, esto podría utilizar grandes partes del sistema de archivos y provocar el cierre inesperado del servidor. • http://www.ibm.com/support/docview.wss?uid=swg22004930 http://www.securityfocus.com/bid/99309 http://www.securitytracker.com/id/1038803 https://exchange.xforce.ibmcloud.com/vulnerabilities/125569 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-0226 – IBM Informix portmap Service Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-0226
The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file. La implementación del cliente en IBM Informix Dynamic Server 11.70.xCn en Windows no restringe adecuadamente el acceso a los archivos ejecutables (1) nsrd, (2) nsrexecd y (3) portmap, lo que permite a usuarios locales obtener privilegios a través de un archivo troyano. This vulnerability allows local users to execute arbitrary code on vulnerable installations of IBM Informix. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within configuration of the portmap service. Weak access control allows all authenticated users to modify the binary for this service and thus execute code in the context of SYSTEM. • http://www-01.ibm.com/support/docview.wss?uid=swg21978598 http://www.securitytracker.com/id/1035286 http://zerodayinitiative.com/advisories/ZDI-16-208 http://zerodayinitiative.com/advisories/ZDI-16-209 http://zerodayinitiative.com/advisories/ZDI-16-210 • CWE-284: Improper Access Control •
CVE-2012-4857
https://notcve.org/view.php?id=CVE-2012-4857
Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement. Desbordamiento de búfer en IBM Informix v11.50 hasta v11.50.xC9W2 y v11.70 anterior a v11.70.xC7, permite a atacantes remotos autenticados ejecutar código arbitrario mediante una sentencia SQL especialmente diseñada. • http://www.securitytracker.com/id?1027849 https://exchange.xforce.ibmcloud.com/vulnerabilities/79737 https://www.ibm.com/support/docview.wss?uid=swg21618994 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-3334
https://notcve.org/view.php?id=CVE-2012-3334
Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement. Desbordamiento de búfer basado en pila en IBM Informix Dynamic Server (IDS) v11.50 antes de v11.50.xC9W2 y v11.70 antes de v11.70.xC5 permite a usuarios remotos autenticados ejecutar código de su elección a través de argumentos modificados en una petición 'SET COLLATION'. • http://osvdb.org/85736 http://www.ibm.com/support/docview.wss?uid=swg21611800 http://www.securityfocus.com/bid/55668 https://exchange.xforce.ibmcloud.com/vulnerabilities/78277 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-1033 – IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1033
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement. Desbordamiento de búfer basado en pila en en oninit en IBM Informix Dynamic Server (IDS) v11.50 permite a atacantes remotos ejecutar código de su elección a través de argumentos manipulados en la opción de sesión de entorno USELASTCOMMITTED en un estado SQL SET ENVIRONMENT. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Informix Database Server. SQL query execution privileges are required to exploit this vulnerability. The specific flaw exists within the oninit process bound to TCP port 9088 when processing the arguments to the USELASTCOMMITTED option in a SQL query. User-supplied data is copied into a stack-based buffer without proper bounds checking resulting in an exploitable overflow. • http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibm http://secunia.com/advisories/43212 http://securityreason.com/securityalert/8078 http://www.securityfocus.com/archive/1/516250/100/0/threaded http://www.securityfocus.com/bid/46230 http://www.vupen.com/english/advisories/2011/0309 http://zerodayinitiative.com/advisories/ZDI-11-050 https://exchange.xforce.ibmcloud.com/vulnerabilities/65209 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •