CVE-2009-3691 – IBM Informix Client SDK 3.0 - '.nfx' File Integer Overflow
https://notcve.org/view.php?id=CVE-2009-3691
Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a crafted (1) HostSize, and possibly (2) ProtoSize and (3) ServerSize, field that triggers a stack-based buffer overflow involving a crafted HostList field. NOTE: some of these details are obtained from third party information. Múltiples desbordamientos de entero en setnet32.exe v3.50.0.13752 en IBM Informix Client SDK v3.0 y v3.50 y Informix Connect Runtime v3.x permite a atacantes remotos ejecutar código a su elección a través de un archivo .nfx con un (1) HostSize manipulado, y probablemente (2) ProtoSize y (3) ServerSize, campo que lanza un desbordamiento de búfer basado en pila incluyendo un campos HostList manipulado. NOTA: algunos de estos detalles fueron obtenidos a partir de información de terceros. • https://www.exploit-db.com/exploits/10070 http://retrogod.altervista.org/9sg_ibm_setnet32.html http://secunia.com/advisories/36949 http://securitytracker.com/id?1022985 http://www.osvdb.org/58530 http://www.securityfocus.com/bid/36588 http://www.vupen.com/english/advisories/2009/2834 https://exchange.xforce.ibmcloud.com/vulnerabilities/53644 • CWE-189: Numeric Errors •
CVE-2006-5663
https://notcve.org/view.php?id=CVE-2006-5663
IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts. IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, y Informix I-Connect 2.90 utilizan permisos no seguros para los scripts de instalación, que permite a los usuarios locales obtener privilegios modificando estos scripts. • http://secunia.com/advisories/22609 http://securitytracker.com/id?1017156 http://www-1.ibm.com/support/docview.wss?uid=swg21247438 http://www.vupen.com/english/advisories/2006/4280 •
CVE-2006-5664
https://notcve.org/view.php?id=CVE-2006-5664
The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files. El script de instalación en IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, y Informix I-Connect 2.90 permite a los usuarios locales "comprometer la seguridad" mediante un ataque de enlaces simbólicos sobre ficheros temporales. • http://secunia.com/advisories/22609 http://securitytracker.com/id?1017156 http://www-1.ibm.com/support/docview.wss?uid=swg21247438 http://www.vupen.com/english/advisories/2006/4280 •