CVE-2008-0727: Buffer Overflow
First published: Tue Mar 18 2008(Updated: )
Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Informix | =9.40.uc3 | |
| IBM Informix | =7.31.xd8 | |
| IBM Informix | =9.40.uc2 | |
| IBM Informix | =10.0.xc4 | |
| IBM Informix | =7.31.xd9 | |
| IBM Informix | =9.40.tc5 | |
| IBM Informix | =9.40.uc1 | |
| IBM Informix | =9.40.xd8 | |
| IBM Informix | =10.0.xc3 | |
| IBM Informix | =10.0 | |
| IBM Informix | =9.40_xc7 | |
| IBM Informix | =10.00.xc7w1 | |
| IBM Informix | =9.3 | |
| IBM Informix | =11.10.xc2 | |
| IBM Informix | =9.4 | |
| IBM Informix | =7.3 | |
| IBM Informix | =9.40.uc5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.zerodayinitiative.com/advisories/ZDI-08-011/
- http://www.zerodayinitiative.com/advisories/ZDI-08-012/
- http://www-1.ibm.com/support/docview.wss?uid=swg1IC55207
- http://www-1.ibm.com/support/docview.wss?uid=swg1IC55208
- http://www-1.ibm.com/support/docview.wss?uid=swg1IC55209
- http://www-1.ibm.com/support/docview.wss?uid=swg1IC55210
- http://www.securityfocus.com/bid/28198
- http://secunia.com/advisories/29272
- http://securityreason.com/securityalert/3749
- http://www.vupen.com/english/advisories/2008/0860
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41203
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41202
- http://www.securityfocus.com/archive/1/489548/100/0/threaded
- http://www.securityfocus.com/archive/1/489547/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-0727?
CVE-2008-0727 is classified as a high severity vulnerability due to its ability to allow remote attackers to execute arbitrary code.
How do I fix CVE-2008-0727?
To fix CVE-2008-0727, upgrade IBM Informix Dynamic Server to a version that is not vulnerable, as listed in the vendor's security advisories.
What versions of IBM Informix Dynamic Server are affected by CVE-2008-0727?
CVE-2008-0727 affects IBM Informix Dynamic Server versions 7.x through 11.x.
What types of attacks are possible with CVE-2008-0727?
CVE-2008-0727 allows attackers to exploit buffer overflows via a long password or a long DBPATH value.
Are both remote and authenticated users vulnerable in CVE-2008-0727?
Yes, both remote attackers and authenticated users can exploit CVE-2008-0727 if they provide overly long input values.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ibm
- canonical/ibm informix
- version/ibm informix/9.40.uc3
- version/ibm informix/7.31.xd8
- version/ibm informix/9.40.uc2
- version/ibm informix/10.0.xc4
- version/ibm informix/7.31.xd9
- version/ibm informix/9.40.tc5
- version/ibm informix/9.40.uc1
- version/ibm informix/9.40.xd8
- version/ibm informix/10.0.xc3
- version/ibm informix/10.0
- version/ibm informix/9.40_xc7
- version/ibm informix/10.00.xc7w1
- version/ibm informix/9.3
- version/ibm informix/11.10.xc2
- version/ibm informix/9.4
- version/ibm informix/7.3
- version/ibm informix/9.40.uc5