The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Informix DS: vulnerabilities during the installation

Synthesis of the vulnerability 

A local attacker can alter files during the installation of Informix DS.
Vulnerable products: Informix Server.
Severity of this weakness: 1/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 02/11/2006.
Références of this bulletin: 1247438, CVE-2006-5663, CVE-2006-5664, VIGILANCE-VUL-6270.

Description of the vulnerability 

Two vulnerabilities can be used by a local attacker during the installation of several Informix products.

Permissions of installation scripts permit a local attacker to edit them, in order for example to insert a Trojan horse. [severity:1/4; CVE-2006-5663]

Temporary files are not created in a secure manner under /tmp, which permits a local attacker to use a symlink to force the corruption of another file. [severity:1/4; CVE-2006-5664]
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This cybersecurity threat impacts software or systems such as Informix Server.

Our Vigil@nce team determined that the severity of this computer threat note is low.

The trust level is of type confirmed by the editor, with an origin of user shell.

This bulletin is about 2 vulnerabilities.

An attacker with a expert ability can exploit this security threat.

Solutions for this threat 

Informix DS: version and workaround.
Following versions are corrected:
  Solaris Opteron, Linux zSeries : 10.00.xC5R
  Autres systèmes : 10.00.xC6
A workaround is to :
 - change permissions of installation scripts to 755, and
 - use the "-log" option to change the temporary directory
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a computer vulnerability note. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.