IBM Informix Dynamic Server Vulnerability Details Released

IBM has published details on a vulnerability in its Informix Dynamic Server product. According to the article, the vulnerabability is remotely exploitable, although no public exploit code yet exists.

From the link below:

The specific flaw exists within the oninit.exe process bound by default to TCP port 9088 or 1526. A lack of sanity checking within a logging function can result in a stack based buffer overflow leading to arbitrary code execution under the context of the SYSTEM user.

Fixes are available in 11.50.xC1 and 11.10.xC2W2.

References:
http://www.zerodayinitiative.com/advisories/ZDI-10-216/

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity

Share

Leave a Reply