CVE-2006-3858

IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772).

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/21301	Patch Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21242921	Patch
http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
http://www.osvdb.org/27691
http://www.securityfocus.com/archive/1/443133/100/0/threaded
http://www.securityfocus.com/archive/1/443195/100/0/threaded
http://www.securityfocus.com/bid/19264	Patch
http://www.vupen.com/english/advisories/2006/3077
https://exchange.xforce.ibmcloud.com/vulnerabilities/28132
http://secunia.com/advisories/21301	Patch Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21242921	Patch
http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
http://www.osvdb.org/27691
http://www.securityfocus.com/archive/1/443133/100/0/threaded
http://www.securityfocus.com/archive/1/443195/100/0/threaded
http://www.securityfocus.com/bid/19264	Patch
http://www.vupen.com/english/advisories/2006/3077
https://exchange.xforce.ibmcloud.com/vulnerabilities/28132

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:informix_dynamic_server:9.4:::::::*
	cpe:2.3:a:ibm:informix_dynamic_server:9.40.tc5:::::::*
	cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:::::::*
	cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:::::::*
	cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc3:::::::*
	cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc5:::::::*
	cpe:2.3:a:ibm:informix_dynamic_server:9.40.xc5:::::::*
	cpe:2.3:a:ibm:informix_dynamic_server:9.40.xc7:::::::*
	cpe:2.3:a:ibm:informix_dynamic_server:10.0:::::::*
	cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc1:::::::*
	cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc3:::::::*

History

21 Nov 2024, 00:14

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/21301 - Patch, Vendor Advisory~~	() http://secunia.com/advisories/21301 - Patch, Vendor Advisory
References	~~() http://www-1.ibm.com/support/docview.wss?uid=swg21242921 - Patch~~	() http://www-1.ibm.com/support/docview.wss?uid=swg21242921 - Patch
References	~~() http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf -~~	() http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf -
References	~~() http://www.osvdb.org/27691 -~~	() http://www.osvdb.org/27691 -
References	~~() http://www.securityfocus.com/archive/1/443133/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/443133/100/0/threaded -
References	~~() http://www.securityfocus.com/archive/1/443195/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/443195/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/19264 - Patch~~	() http://www.securityfocus.com/bid/19264 - Patch
References	~~() http://www.vupen.com/english/advisories/2006/3077 -~~	() http://www.vupen.com/english/advisories/2006/3077 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/28132 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/28132 -

Information

Published : 2006-08-08 22:04

Updated : 2024-11-21 00:14

NVD link : CVE-2006-3858

Mitre link : CVE-2006-3858

CVE.ORG link : CVE-2006-3858

JSON object : View

Products Affected

ibm

informix_dynamic_server

CWE

NVD-CWE-Other

2.1 /10