IBM Informix Dynamic Server index.php testconn Heap Buffer Overflow
TSL ID: TSL20170523-11
CVE ID(s): CVE-2017-1092
Severity: Critical
Description

A heap buffer overflow has been reported in IBM's Informix Dynamic Server and Informix Open Admin Tool. The vulnerability is due to an input validation error when processing requests sent to index.php.

A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request. Successful exploitation could result in code execution with SYSTEM privileges.

The vendor, IBM, has released an advisory regarding these vulnerabilities:

http://www-01.ibm.com/support/docview.wss?uid=swg22002897

Affected Products
  • IBM Informix Dynamic Server prior to 11.50.xC9
  • IBM Informix Dynamic Server prior to 11.70.xC9
  • IBM Informix Dynamic Server prior to 12.10.xC8W2
CVSS Score
Base 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C):
  • Access vector is NETWORK
  • Access complexity is LOW
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is COMPLETE
  • Impact of this vulnerability on data integrity is COMPLETE
  • Impact of this vulnerability on data availability is COMPLETE
Temporal 7.8 (E:POC/RL:OF/RC:C):
  • The exploitability level of this vulnerability is PROOF OF CONCEPT
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
References
https://blogs.securiteam.com/index.php/archives/3210#more-3210
http://www-01.ibm.com/support/docview.wss?uid=swg22002897