// For flags

CVE-2006-3861

NISR02082006H.txt

Severity Score

6.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases.

IBM Informix Dynamic Server (IDS) anterior a 9.40.xC7 y 10.00 anterior a 10.00.xC3 no utiliza permisos de creación de bases de datos, lo cual permite a usuarios autenticados remotamente crear bases de datos de su elección.

Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix it was discovered that any user can create a database and thus gain DBA privileges. On Informix public has the connect privilege; thus anyone with a login may connect. Public can also issue the create database command. When the database is created, the user that created the database is made a DBA of that database. A DBA can execute code as the informix user and trivially gain root privileges. Versions affected include 9.40.xC6 and earlier and 10.00.xC2, C1.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-07-26 CVE Reserved
  • 2006-08-08 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ibm
Search vendor "Ibm"
 Informix Dynamic Server
Search vendor "Ibm" for product "Informix Dynamic Server"
 7.31
Search vendor "Ibm" for product "Informix Dynamic Server" and version "7.31"
-
Affected
Ibm
Search vendor "Ibm"
 Informix Dynamic Server
Search vendor "Ibm" for product "Informix Dynamic Server"
 9.4
Search vendor "Ibm" for product "Informix Dynamic Server" and version "9.4"
-
Affected
Ibm
Search vendor "Ibm"
 Informix Dynamic Server
Search vendor "Ibm" for product "Informix Dynamic Server"
 9.40.tc5
Search vendor "Ibm" for product "Informix Dynamic Server" and version "9.40.tc5"
-
Affected
Ibm
Search vendor "Ibm"
 Informix Dynamic Server
Search vendor "Ibm" for product "Informix Dynamic Server"
 9.40.uc1
Search vendor "Ibm" for product "Informix Dynamic Server" and version "9.40.uc1"
-
Affected
Ibm
Search vendor "Ibm"
 Informix Dynamic Server
Search vendor "Ibm" for product "Informix Dynamic Server"
 9.40.uc2
Search vendor "Ibm" for product "Informix Dynamic Server" and version "9.40.uc2"
-
Affected
Ibm
Search vendor "Ibm"
 Informix Dynamic Server
Search vendor "Ibm" for product "Informix Dynamic Server"
 9.40.uc3
Search vendor "Ibm" for product "Informix Dynamic Server" and version "9.40.uc3"
-
Affected
Ibm
Search vendor "Ibm"
 Informix Dynamic Server
Search vendor "Ibm" for product "Informix Dynamic Server"
 9.40.uc5
Search vendor "Ibm" for product "Informix Dynamic Server" and version "9.40.uc5"
-
Affected
Ibm
Search vendor "Ibm"
 Informix Dynamic Server
Search vendor "Ibm" for product "Informix Dynamic Server"
 9.40.xc5
Search vendor "Ibm" for product "Informix Dynamic Server" and version "9.40.xc5"
-
Affected
Ibm
Search vendor "Ibm"
 Informix Dynamic Server
Search vendor "Ibm" for product "Informix Dynamic Server"
 10.0
Search vendor "Ibm" for product "Informix Dynamic Server" and version "10.0"
-
Affected
Ibm
Search vendor "Ibm"
 Informix Dynamic Server
Search vendor "Ibm" for product "Informix Dynamic Server"
 10.0.xc1
Search vendor "Ibm" for product "Informix Dynamic Server" and version "10.0.xc1"
-
Affected