IBM Informix Dynamic Server DBINFO Vulnerability Details Released

IBM has announced a vulnerability in Informix Dynamic Server. There is a bug in the handling of the keyword ‘DBINFO’ in SQL queries. The list of vulnerable versions is below:

IBM Informix IDS 10.0.tc1
IBM Informix IDS 10.0
IBM Informix IDS 10.0.xC4
IBM Informix IDS 10.0.xc3
IBM Informix IDS 10.00.xC11
IBM Informix IDS 10.00.xC7W1
IBM Informix IDS 10.00.xC8
IBM Informix IDS 10.00.xC10
IBM Informix IDS 10.00.TC9
IBM Informix IDS 11.10
IBM Informix IDS 11.10.xC2
IBM Informix IDS 11.10.xC4
IBM Informix IDS 11.10.xC2W2
IBM Informix IDS 11.10.xC3
IBM Informix IDS 11.50.xC5
IBM Informix IDS 11.50.xC1
IBM Informix IDS 11.50.xC3
IBM Informix IDS 11.10.TC3

References:
http://www.zerodayinitiative.com/advisories/ZDI-10-217/

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity

Share

Leave a Reply