CVE-2006-3860
First published: Thu Aug 17 2006(Updated: )
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows allows remote authenticated users to execute arbitrary commands via the (1) "SET DEBUG FILE" SQL command, and the (2) start_onpload and (3) dbexp functions.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Informix Dynamic Database Server | =7.3 | |
| IBM Informix Dynamic Database Server | =7.31_.xd8 | |
| IBM Informix Dynamic Database Server | =9.4 | |
| IBM Informix Dynamic Database Server | =9.40.tc5 | |
| IBM Informix Dynamic Database Server | =9.40.uc1 | |
| IBM Informix Dynamic Database Server | =9.40.uc2 | |
| IBM Informix Dynamic Database Server | =9.40.uc3 | |
| IBM Informix Dynamic Database Server | =9.40.uc5 | |
| IBM Informix Dynamic Database Server | =9.40.xc7 | |
| IBM Informix Dynamic Database Server | =10.0 | |
| IBM Informix Dynamic Database Server | =10.0_xc3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
- http://www-1.ibm.com/support/docview.wss?uid=swg21242921
- http://www.securityfocus.com/bid/19264
- http://secunia.com/advisories/21301
- http://www.osvdb.org/27686
- http://securityreason.com/securityalert/1407
- http://www.vupen.com/english/advisories/2006/3077
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28124
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28121
- http://www.securityfocus.com/archive/1/443185/100/0/threaded
- http://www.securityfocus.com/archive/1/443133/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-3860?
CVE-2006-3860 is considered a high-severity vulnerability due to the potential for remote command execution by authenticated users.
How do I fix CVE-2006-3860?
To fix CVE-2006-3860, you should upgrade your IBM Informix Dynamic Server to versions 9.40.xC7 or 10.00.xC3 or later.
Which versions of IBM Informix Dynamic Server are affected by CVE-2006-3860?
CVE-2006-3860 affects IBM Informix Dynamic Server versions prior to 9.40.xC7 and 10.00 prior to 10.00.xC3.
What types of attacks can be executed due to CVE-2006-3860?
CVE-2006-3860 allows remote authenticated users to execute arbitrary commands, potentially leading to unauthorized access and actions.
Who is impacted by CVE-2006-3860?
Any organization utilizing vulnerable versions of IBM Informix Dynamic Server could be at risk of exploitation through CVE-2006-3860.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/ibm
- canonical/ibm informix dynamic database server
- version/ibm informix dynamic database server/7.3
- version/ibm informix dynamic database server/7.31_.xd8
- version/ibm informix dynamic database server/9.4
- version/ibm informix dynamic database server/9.40.tc5
- version/ibm informix dynamic database server/9.40.uc1
- version/ibm informix dynamic database server/9.40.uc2
- version/ibm informix dynamic database server/9.40.uc3
- version/ibm informix dynamic database server/9.40.uc5
- version/ibm informix dynamic database server/9.40.xc7
- version/ibm informix dynamic database server/10.0
- version/ibm informix dynamic database server/10.0_xc3