CVE-2006-3858
First published: Tue Aug 08 2006(Updated: )
IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Informix | =9.4 | |
| IBM Informix | =9.40.tc5 | |
| IBM Informix | =9.40.uc1 | |
| IBM Informix | =9.40.uc2 | |
| IBM Informix | =9.40.uc3 | |
| IBM Informix | =9.40.uc5 | |
| IBM Informix | =9.40.xc5 | |
| IBM Informix | =9.40.xc7 | |
| IBM Informix | =10.0 | |
| IBM Informix | =10.0.xc1 | |
| IBM Informix | =10.0.xc3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www-1.ibm.com/support/docview.wss?uid=swg21242921
- http://www.securityfocus.com/bid/19264
- http://secunia.com/advisories/21301
- http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
- http://www.osvdb.org/27691
- http://www.vupen.com/english/advisories/2006/3077
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28132
- http://www.securityfocus.com/archive/1/443195/100/0/threaded
- http://www.securityfocus.com/archive/1/443133/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-3858?
CVE-2006-3858 is considered a high severity vulnerability due to the storage of passwords in plaintext.
How do I fix CVE-2006-3858?
To fix CVE-2006-3858, upgrade to IBM Informix Dynamic Server version 9.40.xC8 or 10.00.xC4 or newer.
What are the implications of CVE-2006-3858?
CVE-2006-3858 allows local users to read passwords from shared memory, posing a significant security risk.
Which versions of IBM Informix Dynamic Server are affected by CVE-2006-3858?
CVE-2006-3858 affects IBM Informix Dynamic Server versions before 9.40.xC8 and 10.00 before 10.00.xC4.
Can local users exploit CVE-2006-3858?
Yes, local users can exploit CVE-2006-3858 by accessing shared memory to obtain plaintext passwords.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/ibm
- canonical/ibm informix
- version/ibm informix/9.4
- version/ibm informix/9.40.tc5
- version/ibm informix/9.40.uc1
- version/ibm informix/9.40.uc2
- version/ibm informix/9.40.uc3
- version/ibm informix/9.40.uc5
- version/ibm informix/9.40.xc5
- version/ibm informix/9.40.xc7
- version/ibm informix/10.0
- version/ibm informix/10.0.xc1
- version/ibm informix/10.0.xc3