Buffer overflow : IBM Informix Dynamic Server Oninit Remote Code Execution Vulnerability

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.902546
Category:	Buffer overflow
Title:	IBM Informix Dynamic Server Oninit Remote Code Execution Vulnerability - Windows
Summary:	IBM Informix Dynamic Server is prone to a remote code execution (RCE) vulnerability.
Description:	Summary: IBM Informix Dynamic Server is prone to a remote code execution (RCE) vulnerability. Vulnerability Insight: The flaw is due to a boundary error in the oninit process bound to TCP port 9088 when processing the arguments to the USELASTCOMMITTED option in a SQL query. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code with SYSTEM-level privileges. Affected Software/OS: IBM Informix Dynamic Server (IDS) version 11.50 Solution: Upgrade to IBM Informix IDS version 11.50.xC8 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1033 BugTraq ID: 46230 http://www.securityfocus.com/bid/46230 Bugtraq: 20110207 ZDI-11-050: IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/516250/100/0/threaded http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibm http://zerodayinitiative.com/advisories/ZDI-11-050/ http://secunia.com/advisories/43212 http://securityreason.com/securityalert/8078 http://www.vupen.com/english/advisories/2011/0309 XForce ISS Database: ibm-informix-dynamic-oninit-bo(65209) https://exchange.xforce.ibmcloud.com/vulnerabilities/65209
Copyright	Copyright (C) 2011 Greenbone AG