V-044: IBM Informix Buffer Overflow in Processing SQL Statements Lets Remote Authenticated Users Execute Arbitrary Code

December 11, 2012 - 4:00am

PROBLEM:

IBM Informix Buffer Overflow in Processing SQL Statements Lets Remote Authenticated Users Execute Arbitrary Code

PLATFORM:

All IBM Informix versions 11.50 prior to and including 11.50.xC9W2 – all platforms
All IBM Informix versions 11.70 prior to 11.70.xC7 – all platforms

ABSTRACT:

A vulnerability was reported in IBM Informix.

REFERENCE LINKS:

IBM Security Bulletin: 1618994
SecurityTracker Alert ID: 1027849
CVE-2012-4857

IMPACT ASSESSMENT:

High

DISCUSSION:

IBM Informix is vulnerable to a buffer overflow caused by improper handling of unspecified SQL statements. A remote attacker with valid authentication credentials could exploit this vulnerability to crash the Informix database server or execute arbitrary code within the Informix database server process.

IMPACT:

A remote authenticated user can execute arbitrary code on the target system.

SOLUTION:

Upgrade IBM Informix to a release later than 11.50.xC9W2, or to 11.70.xC7 or later.
 
