The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Informix Dynamic Server

computer vulnerability bulletin CVE-2016-0226

IBM Informix Dynamic Server: privilege escalation via ACL

Synthesis of the vulnerability

An attacker can alter nsrexecd.exe of IBM Informix Dynamic Server, in order to escalate his privileges.
Impacted products: Informix Server.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 11/03/2016.
Identifiers: 1978598, CVE-2016-0226, VIGILANCE-VUL-19158, ZDI-16-195, ZDI-16-208, ZDI-16-209, ZDI-16-210.

Description of the vulnerability

The IBM Informix Dynamic Server product is installed in C:\ISM on Windows.

However, ACLs on this directory are too permissive, so a local attacker can alter the nsrexecd.exe program.

An attacker can therefore alter nsrexecd.exe of IBM Informix Dynamic Server, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-0201

IBM GSKit: information disclosure via MD5 collisions

Synthesis of the vulnerability

An attacker can use a vulnerability in GSKit of IBM, in order to obtain sensitive information.
Impacted products: DB2 UDB, Informix Server, Tivoli Storage Manager, WebSphere MQ.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 19/01/2016.
Revision date: 22/01/2016.
Identifiers: 1610582, 1974466, 1974785, 1975839, CVE-2016-0201, VIGILANCE-VUL-18756.

Description of the vulnerability

Several IBM products use the GSKit component.

However, an attacker can trigger a MD5 collision to access to data.

An attacker can therefore use a vulnerability in GSKit of IBM, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2014-8730 CVE-2015-2774

Check Point, Cisco, IBM, F5, FortiOS: information disclosure via POODLE on TLS

Synthesis of the vulnerability

An attacker, located as a Man-in-the-Middle, can decrypt a Terminating TLS session, in order to obtain sensitive information.
Impacted products: GAiA, CheckPoint IP Appliance, IPSO, CheckPoint Power-1 Appliance, SecurePlatform, CheckPoint Security Appliance, CheckPoint Smart-1, CheckPoint VSX-1, Cisco ACE, ASA, BIG-IP Hardware, TMOS, Fedora, FortiGate, FortiGate Virtual Appliance, FortiOS, DB2 UDB, Domino, Informix Server, Tivoli Directory Server, openSUSE, Solaris, Palo Alto Firewall PA***, PAN-OS, Ubuntu.
Severity: 3/4.
Consequences: data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/12/2014.
Revision date: 17/12/2014.
Identifiers: 1450666, 1610582, 1647054, 1692906, 1693052, 1693142, bulletinjul2017, CERTFR-2014-AVI-533, CSCus08101, CSCus09311, CVE-2014-8730, CVE-2015-2774, FEDORA-2015-12923, FEDORA-2015-12970, openSUSE-SU-2016:0523-1, sk103683, SOL15882, USN-3571-1, VIGILANCE-VUL-15756.

Description of the vulnerability

The VIGILANCE-VUL-15485 (POODLE) vulnerability originates from an incorrect management of SSLv3 padding.

The F5 BIG-IP product can be configured to "terminate" SSL/TLS sessions. However, even when TLS is used, this BIG-IP feature uses the SSLv3 function to manage the padding. TLS sessions are thus also vulnerable to POODLE.

The same vulnerability also impacts Check Point, Cisco, IBM and Fortinet products.

An attacker, located as a Man-in-the-Middle, can therefore decrypt a Terminating TLS session, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2014-0963

IBM GSKit: infinite loop of SSL

Synthesis of the vulnerability

An attacker can send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service.
Impacted products: DB2 UDB, Domino, I-Connect, Informix Server, Notes, Security Directory Server, SPSS Modeler, Tivoli Storage Manager, Tivoli Workload Scheduler.
Severity: 3/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 20/05/2014.
Identifiers: 1610582, 1671732, 1672724, 1673008, 1673018, 1673666, 1673696, 1674047, 1674824, 1674825, 1681114, 7042179, CVE-2014-0963, VIGILANCE-VUL-14775.

Description of the vulnerability

The IBM Global Security Kit (GSKit) suite implements the support of SSL/TLS for several IBM applications.

However, some SSL messages generate an infinite loop in GSKit.

An attacker can therefore send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2013-6747

IBM GSKit: denial of service via SSL/TLS

Synthesis of the vulnerability

An attacker can send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service.
Impacted products: DB2 UDB, Informix Server, Security Directory Server, SPSS Modeler, Tivoli Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 30/01/2014.
Identifiers: 1610582, 1662902, 1665137, 1668664, 1670524, 1671732, 1673696, 1674047, 1674824, 1674825, CVE-2013-6747, VIGILANCE-VUL-14158.

Description of the vulnerability

The IBM Global Security Kit (GSKit) suite implements the support of SSL/TLS for several IBM applications.

However, a malformed certificate chain triggers an error.

An attacker can therefore send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2013-6329

IBM GSKit: denial of service via SSLv2

Synthesis of the vulnerability

An attacker can send malicious SSLv2 messages to applications using IBM GSKit, in order to trigger a denial of service.
Impacted products: Informix Server, Tivoli Directory Server.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 30/01/2014.
Identifiers: 1660436, 1660440, 1662362, 88939, BID-64249, CVE-2013-6329, VIGILANCE-VUL-14155.

Description of the vulnerability

The IBM Global Security Kit (GSKit) suite implements the support of SSL/TLS for several IBM applications.

However, the SSLv2 session resumption is incorrectly implemented.

An attacker can therefore send malicious SSLv2 messages to applications using IBM GSKit, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin 12088

IBM Informix Dynamic Server: memory corruption via DRDA

Synthesis of the vulnerability

An attacker can use the DRDA protocol, in order to generate an overflow of one byte in IBM Informix Dynamic Server, leading to a denial of service or possibly to code execution.
Impacted products: Informix Server.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: intranet client.
Creation date: 24/10/2012.
Identifiers: IC85913, swg27036092, VIGILANCE-VUL-12088.

Description of the vulnerability

The DRDA (Distributed Relational Database Architecture) protocol is used to send SQL queries to remote servers.

An attacker can use the DRDA protocol, in order to generate an overflow of one byte in IBM Informix Dynamic Server, leading to a denial of service or possibly to code execution.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2012-2190

IBM GSKit: denial of service via Handshake

Synthesis of the vulnerability

An attacker can inject a malicious packet during the Handshake of a TLS session, in order to stop applications linked to IBM GSKit.
Impacted products: DB2 UDB, Informix Server, Tivoli Directory Server, Tivoli Storage Manager, WebSphere AS Traditional.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 08/10/2012.
Identifiers: 1450666, 1672360, BID-54743, CERTA-2012-AVI-552, CERTA-2013-AVI-159, CVE-2012-2190, IC90385, IC90395, IC90396, IC90397, swg21609030, swg21620711, swg21626749, swg27014463.html, swg27022958, VIGILANCE-VUL-12038.

Description of the vulnerability

The IBM Global Security Kit product implements SSL/TLS for several IBM products.

However, a malicious TLS message received during the Handshake generates an error in GSKit.

An attacker can therefore inject a malicious packet during the Handshake of a TLS session, in order to stop applications linked to IBM GSKit.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2012-3334

IBM Informix Dynamic Server: privilege elevation via COLLATION

Synthesis of the vulnerability

A local attacker can use the SET COLLATION command of IBM Informix Dynamic Server, in order to generate a buffer overflow, and to execute code with privileges of the service.
Impacted products: Informix Server.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: user account.
Creation date: 25/09/2012.
Identifiers: BID-55668, CERTA-2012-AVI-525, CVE-2012-3334, DCA-2011-0013, swg21611800, VIGILANCE-VUL-11976.

Description of the vulnerability

The "SET COLLATION" SQL command is used to define the sorting order of characters (most of the times, it depends on the locale). For example :
  SET COLLATION en_us.8859-1

However, if the parameter is too long, an overflow occurs.

A local attacker can therefore use the SET COLLATION command of IBM Informix Dynamic Server, in order to generate a buffer overflow, and to execute code with privileges of the service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce 11227

Informix Dynamic Server: user access

Synthesis of the vulnerability

When the APAR IC80345 is installed, an attacker can authenticate on Informix Dynamic Server, without knowing user's password.
Impacted products: Informix Server.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: intranet client.
Creation date: 15/12/2011.
Identifiers: 21575140, IC80345, VIGILANCE-VUL-11227.

Description of the vulnerability

The 11.50.UC9W1 and 11.50.FC9W1 PID (Post Interim Drop) can be installed on AIX. They contain the APAR IC80345.

However, when it is installed, an attacker can login to an account, even if he does not know the user's password.

When the APAR IC80345 is installed, an attacker can therefore authenticate on Informix Dynamic Server, without knowing user's password.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Informix Dynamic Server: