CVE-2006-3855
CVSS 6.5
Published: 2006-08-08 18:04:00
Last revised: 2016-08-31 09:14:15

[Original] The ifx_load_internal function in IBM Informix Dynamic Server (IDS) allows remote authenticated users to execute arbitrary C code via the DllMain or _init function in a library, aka "C code UDR."


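[CNNVD] Informix Dynamic Server ifx_load_internal SQL function code execution vulnerability (CNNVD-200608-110)

        Informix Dynamic Server (IDS) is a database developed by IBM.
        The ifx_load_internal SQL function can load an arbitrary library into the address space of the database server process. An attacker can place code in the DllMain() function on Windows or the _init() function on Linux, and that code is executed automatically when the library is loaded.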

- CVSS (base score)

CVSS score: 6.5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:ibm:informix_dynamic_server:10.0.xc3  IBM Informix IDS 10.0.xC3
cpe:/a:ibm:informix_dynamic_server:9.4  IBM Informix IDS 9.4
cpe:/a:ibm:informix_dynamic_server:9.40.uc2  IBM Informix IDS 9.40.UC2
cpe:/a:ibm:informix_dynamic_server:9.40.uc1  IBM Informix IDS 9.40.UC1
cpe:/a:ibm:informix_dynamic_server:9.40.uc5  IBM Informix IDS 9.40.UC5
cpe:/a:ibm:informix_dynamic_server:9.40.tc5  IBM Informix IDS 9.40.TC5
cpe:/a:ibm:informix_dynamic_server:9.40.uc3  IBM Informix IDS 9.40.UC3
cpe:/a:ibm:informix_dynamic_server:10.0  IBM Informix Dynamic Server 10.0

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3855
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3855
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200608-110
(official data source) CNNVD

- Other links and resources

http://www-1.ibm.com/support/docview.wss?uid=swg21242921
(UNKNOWN)  CONFIRM  http://www-1.ibm.com/support/docview.wss?uid=swg21242921
http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
(UNKNOWN)  MISC  http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
http://www.securityfocus.com/archive/1/archive/1/443133/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060814 Informix - Discovery, Attack and Defense
http://www.securityfocus.com/archive/1/archive/1/443184/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060814 Arbitrary Library Loading in Informix
http://www.securityfocus.com/bid/19264
(VENDOR_ADVISORY)  BID  19264
http://www.vupen.com/english/advisories/2006/3077
(UNKNOWN)  VUPEN  ADV-2006-3077
http://xforce.iss.net/xforce/xfdb/28129
(VENDOR_ADVISORY)  XF  informix-ccodeudr-privilege-escalation(28129)

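- Vulnerability information

Informix Dynamic Server ifx_load_internal SQL function code execution vulnerability
Medium risk  Insufficient information
2006-08-08 00:00:00 2006-08-21 00:00:00
Remote / Local
        Informix Dynamic Server (IDS) is a database developed by IBM.
        The ifx_load_internal SQL function can load an arbitrary library into the address space of the database server process. An attacker can place code in the DllMain() function on Windows or the _init() function on Linux, and that code is executed automatically when the library is loaded.

- Advisories and patches

        The vendor has released an upgrade patch to fix this security issue. Patch download link: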
        http://support.novell.com/security-alerts

- Vulnerability information (F49295)

NISR02082006C.txt (PacketStormID:F49295)
2006-08-27 00:00:00
David Litchfield  ngssoftware.com
advisory,arbitrary
linux,windows
CVE-2006-3855

NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. An attacker can force the database server to load an arbitrary library and thus execute arbitrary code. The ifx_load_internal SQL function can be used to load an arbitrary library into the address space of the database server process. By placing code in the DllMain() function on Windows or _init() on Linux, an attacker can have this code execute automatically when the library is loaded. In conjunction with exploiting other flaws it is possible to remotely create a library over SQL, dump this to the server disk and then load it. All versions are affected.

NGSSoftware Insight Security Research Advisory

Name: Arbitrary Library Loading in Informix
Systems Affected: All versions of Informix
Severity: High
Vendor URL: http://www.ibm.com/
Author: David Litchfield [ davidl@ngssoftware.com ]
Date of Public Advisory: 2nd August 2006
Advisory number: #NISR02082006C
CVEID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3855
Advisory URL: http://www.ngssoftware.com/research/

Description
***********
Informix Dynamic Server is a database developed by IBM. An attacker can
force the database server to load an arbitrary library and thus execute
arbitrary code.


Details
*******
The ifx_load_internal SQL function can be used to load an arbitrary library 
into the address space of the database server process. By placing code in 
the DllMain() function on Windows or _init() on Linux an attacker can have 
this code execute automatically when the library is loaded. In conjunction 
with exploiting other flaws it is possible to remotely create a library over 
SQL, dump this to the server disk and then load it.

Fix Information
***************
IBM was alerted to this flaw on the 18th January 2005. Revoking execute
permission on the ifx_load_internal SQL function from public will remove the
risk of exploitation of this issue.

NGSSQuirreL for Informix, an advanced vulnerability assessment scanner 
designed specifically for Informix, can be used to accurately determine 
whether your servers are vulnerable to this flaw. More information about 
NGSSQuirreL for Informix can be found here 
http://www.ngssoftware.com/products/database-security/ngs-squirrel-informix.php

About NGSSoftware
*****************

NGSSoftware develops vulnerability assessment and compliancy tools for 
database servers including Oracle, Microsoft SQL Server, DB2, Sybase and 
Informix. Headquartered in the United Kingdom NGS has offices in London, St. 
Andrews (UK), Sydney, Brisbane, and Perth (Australia) and Texas in the 
United States; NGSConsulting provide services to some of the largest and 
most demanding organizations around the globe.

http://www.ngssoftware.com/

Telephone +44 208 401 0070
Fax +44 208 401 0076

enquiries@ngssoftware.com

    

- Vulnerability information

27689
IBM Informix Dynamic Server C Code UDR Unspecified Privilege Upgrade
Location Unknown Attack Type Unknown
Loss of Integrity
Exploit Unknown

- Vulnerability description

Informix Dynamic Server contains an unspecified flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is related to C code UDR, and may lead to a loss of integrity.

- Timeline

2006-07-31 2005-01-10
Unknown Unknown

- Solution

Upgrade to version 9.40.xC8, 10.00.xC4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
