Full Disclosure mailing list archives
SSD Advisory – IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities
From: Maor Shwartz <maors () beyondsecurity com>
Date: Mon, 29 May 2017 13:26:08 +0300
Link: https://blogs.securiteam.com/index.php/archives/3210

*Vulnerabilities Summary*
The following advisory describes six (6) vulnerabilities found in Informix Dynamic Server and Informix Open Admin Tool.

IBM Informix Dynamic Server
Exceptional, low maintenance online transaction processing (OLTP) data server for enterprise and workgroup computing.

IBM Informix Dynamic Server has many features that cater to a variety of user groups, including developers and administrators. One of the strong features of IDS is the low administration cost. IDS is well known for its hands-free administration. To make server administration even easier, a new open source, platform-independent tool called OpenAdmin Tool (OAT) is now available to IDS users. The OAT includes a graphical interface for administrative tasks and performance analysis tools.

Vulnerabilities:
- Unauthenticated static PHP code injection that leads to remote code execution
- Heap buffer overflow
- Remote DLL Injection that leads to remote code execution (1)
- Remote DLL Injection that leads to remote code execution (2)
- Remote DLL Injection that leads to remote code execution (3)
- Remote DLL Injection that leads to remote code execution (4)

*Credit*
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

*Vendor response*
IBM has released patches to address those vulnerabilities and issued the following CVEs:
- CVE-2016-2183
- CVE-2017-1092

For more Information – http://www-01.ibm.com/support/docview.wss?uid=swg22002897

--
Thanks
Maor Shwartz
GPG Key ID: 93CC36E2DE7FF514
Attachment:
SSD Advisory – IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities – SecuriTeam Blogs.pdf
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/