CVE-2006-3859
NISR02082006I.txt
Public Exploits: 1
Exploited in Wild: -
Descriptions
IBM Informix Dynamic Server (IDS) allows remote authenticated users to create and overwrite arbitrary files via the (1) LOTOFILE and (2) trl_tracefile_set functions, and the (3) "SET DEBUG FILE" commands.
Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix, multiple file creation/write/read issues were discovered. The LOTOFILE function and rlt_tracefile_set functions can be used to create and write to files. The SET DEBUG FILE command can also be used to create and write to files. All versions are affected.
Timeline
- 2006-07-26 CVE Reserved
- 2006-08-17 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2025-04-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (5)
URL | Tag
---|---
http://securityreason.com/securityalert/1408 | Third Party Advisory
http://www.securityfocus.com/archive/1/443133/100/0/threaded | Mailing List
http://www.securityfocus.com/archive/1/443216/100/0/threaded | Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/28383 | Vdb Entry

URL | Date
---|---
http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf | 2024-08-07
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
IBM | Informix Dynamic Database Server | 9.40.tc7 | - | Affected
IBM | Informix Dynamic Database Server | 9.40.tc8 | - | Affected
IBM | Informix Dynamic Database Server | 10.00.tc4 | - | Affected
IBM | Informix Dynamic Database Server | 10.00.tc5 | - | Affected