CVE-2006-3858
NISR02082006E.txt
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772).
IBM Informix Dynamic Server (IDS) anterior a 9.40.xC8 y 10.00 anterior a 10.00.xC4 almacena contraseñas en texto plano en memoria compartida, lo cual permite a usuarios locales obtener contraseñas leyendo la memoria (defectos de producto 171893, 171894, 173772).
Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple password exposure flaws were discovered. When a user logs on to an Informix server their cleartext password can be found in a shared memory section. On Windows "everyone" can open the section and read the contents and thus gain access to the passwords for every logged on user. On both Linux and Windows, in the event of a crash the share memory is dumped in a log file which is world readable. All versions are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-07-26 CVE Reserved
- 2006-08-08 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf | X_refsource_misc | |
| http://www.osvdb.org/27691 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/443133/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/443195/100/0/threaded | Mailing List | |
| http://www.vupen.com/english/advisories/2006/3077 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28132 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/21301 | 2018-10-17 | |
| http://www-1.ibm.com/support/docview.wss?uid=swg21242921 | 2018-10-17 | |
| http://www.securityfocus.com/bid/19264 | 2018-10-17 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Informix Dynamic Server Search vendor "Ibm" for product "Informix Dynamic Server" | 9.4 Search vendor "Ibm" for product "Informix Dynamic Server" and version "9.4" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Informix Dynamic Server Search vendor "Ibm" for product "Informix Dynamic Server" | 9.40.tc5 Search vendor "Ibm" for product "Informix Dynamic Server" and version "9.40.tc5" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Informix Dynamic Server Search vendor "Ibm" for product "Informix Dynamic Server" | 9.40.uc1 Search vendor "Ibm" for product "Informix Dynamic Server" and version "9.40.uc1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Informix Dynamic Server Search vendor "Ibm" for product "Informix Dynamic Server" | 9.40.uc2 Search vendor "Ibm" for product "Informix Dynamic Server" and version "9.40.uc2" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Informix Dynamic Server Search vendor "Ibm" for product "Informix Dynamic Server" | 9.40.uc3 Search vendor "Ibm" for product "Informix Dynamic Server" and version "9.40.uc3" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Informix Dynamic Server Search vendor "Ibm" for product "Informix Dynamic Server" | 9.40.uc5 Search vendor "Ibm" for product "Informix Dynamic Server" and version "9.40.uc5" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Informix Dynamic Server Search vendor "Ibm" for product "Informix Dynamic Server" | 9.40.xc5 Search vendor "Ibm" for product "Informix Dynamic Server" and version "9.40.xc5" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Informix Dynamic Server Search vendor "Ibm" for product "Informix Dynamic Server" | 9.40.xc7 Search vendor "Ibm" for product "Informix Dynamic Server" and version "9.40.xc7" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Informix Dynamic Server Search vendor "Ibm" for product "Informix Dynamic Server" | 10.0 Search vendor "Ibm" for product "Informix Dynamic Server" and version "10.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Informix Dynamic Server Search vendor "Ibm" for product "Informix Dynamic Server" | 10.0.xc1 Search vendor "Ibm" for product "Informix Dynamic Server" and version "10.0.xc1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Informix Dynamic Server Search vendor "Ibm" for product "Informix Dynamic Server" | 10.0.xc3 Search vendor "Ibm" for product "Informix Dynamic Server" and version "10.0.xc3" | - |
Affected
| ||||||