CVE Vulnerability

CVE-2008-0369

Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs.

6.9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.4 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www-1.ibm.com/support/docview.wss?uid=swg27011556
http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309
http://www.securityfocus.com/bid/27328
http://secunia.com/advisories/28534 Vendor Advisory
http://www.securitytracker.com/id?1019237
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650
http://www.vupen.com/english/advisories/2008/0169 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/40009
https://exchange.xforce.ibmcloud.com/vulnerabilities/39751
Configurations

Configuration 1

cpe:2.3:a:ibm:informix_dynamic_server:10.00:*:*:*:*:*:*:*
Information

Published : 2008-01-19 12:00

Updated : 2017-08-08 01:29

NVD link : CVE-2008-0369

Mitre link : CVE-2008-0369

Products Affected
No products.
CWE
NVD-CWE-noinfo