Description: Several vulnerabilities were reported in IBM's Informix Dynamic Server. A local user can obtain elevated privileges.
Vulnerabilities were reported by Secure Network Operations Strategic Reconnaissance Team and also by Juan Manuel Pascual Escriba in several binaries included with the Informix Dynamic Server, including:
oninit, onmode, onedcu, ifmxgcore, ontape, ondblog, onbar_d, onsmsync, onmonitor, sgidsh, mkdbsdir, onshowaudit, onaudit, onspaces, onparams, onlog, oncheck, onpload, onstat, onedpu, onload, onunload, and xtree.
A local user can reportedly set the GL_PATH environment variable to a specially crafted value to trigger a buffer overflow in several of these components.
A local user can also reportedly set the ONCONFIG environment variable to a value larger than 495 bytes to cause 'ontape' to execute arbitrary code.
A local user can also trigger a format string flaw in some of the components. The local user can replace a message file that the target component requires so that, when the component is executed, the contents of the malicious message file cause arbitrary code to run on the target system.
In all sets of vulnerabilities, arbitrary code can be executed with informix group privileges or root user privileges, depending on the specific component.
Impact: A local user may be able to execute arbitrary code with elevated privileges, including 'informix' group privileges and 'root' user privileges.
Solution: The vendor has released patches (IDS 9.40.UC3, 9.30.UC7, and 7.31.UD7). For more information, see:
http://www-1.ibm.com/support/docview.wss?uid=swg21153336
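
For triage before patching, the following added example (not from IBM or from the original advisory) reports which of the binaries named above are installed setuid or setgid, together with their numeric owner and group. It assumes the binaries live in `bin/` under the directory passed as the first argument, typically `$INFORMIXDIR`; the function and variable names are illustrative.

```shell
#!/bin/sh
# Added example, not vendor code. Binary names are the ones listed in the advisory.
IDS_BINARIES="oninit onmode onedcu ifmxgcore ontape ondblog onbar_d onsmsync
onmonitor sgidsh mkdbsdir onshowaudit onaudit onspaces onparams onlog oncheck
onpload onstat onedpu onload onunload xtree"

# audit_ids_binaries DIR
# Assumption: the binaries are installed in DIR/bin (DIR is usually $INFORMIXDIR).
# Prints one line per listed binary that carries a privilege bit:
#   <name> <setuid|setgid|setuid,setgid> <uid>:<gid>
audit_ids_binaries() {
    dir=$1
    for name in $IDS_BINARIES; do
        f="$dir/bin/$name"
        if [ ! -f "$f" ]; then continue; fi
        flags=""
        if [ -u "$f" ]; then flags="setuid"; fi
        if [ -g "$f" ]; then flags="${flags:+$flags,}setgid"; fi
        if [ -n "$flags" ]; then
            # Numeric uid:gid shows which account or group the bit grants.
            owner=$(ls -ldn "$f" | awk '{print $3 ":" $4}')
            printf '%s %s %s\n' "$name" "$flags" "$owner"
        fi
    done
}

# Run the audit when a directory is supplied on the command line.
if [ -n "${1:-}" ]; then
    audit_ids_binaries "$1"
fi
```

A uid of 0 on a setuid line marks a component that runs as root; setgid lines show the group whose privileges the component grants.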