CVE-2018-1634
First published: Tue Aug 20 2019(Updated: )
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. IBM X-Force ID: 144437.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Informix Dynamic Server | =12.10-fc1 | |
| IBM Informix Dynamic Server | =12.10-fc10 | |
| IBM Informix Dynamic Server | =12.10-fc11 | |
| IBM Informix Dynamic Server | =12.10-fc12 | |
| IBM Informix Dynamic Server | =12.10-fc2 | |
| IBM Informix Dynamic Server | =12.10-fc3 | |
| IBM Informix Dynamic Server | =12.10-fc4 | |
| IBM Informix Dynamic Server | =12.10-fc5 | |
| IBM Informix Dynamic Server | =12.10-fc6 | |
| IBM Informix Dynamic Server | =12.10-fc7 | |
| IBM Informix Dynamic Server | =12.10-fc8 | |
| IBM Informix Dynamic Server | =12.10-fc9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-1634?
CVE-2018-1634 is a vulnerability in IBM Informix Dynamic Server Enterprise Edition 12.1 that could allow a local user with database administrator privileges to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME.
How severe is CVE-2018-1634?
CVE-2018-1634 has a severity rating of 6.7 (high).
How does CVE-2018-1634 affect IBM Informix Dynamic Server?
CVE-2018-1634 affects IBM Informix Dynamic Server Enterprise Edition 12.1 versions 12.10-fc1 to 12.10-fc9.
What is the Common Weakness Enumeration (CWE) associated with CVE-2018-1634?
CVE-2018-1634 is associated with CWE-59, which is a vulnerability that occurs when an attacker can change the resource path used in file operations.
Are there any references for CVE-2018-1634?
Yes, you can find more information about CVE-2018-1634 at the following references: [IBM Support Document](http://www.ibm.com/support/docview.wss?uid=ibm10964987), [IBM X-Force](https://exchange.xforce.ibmcloud.com/vulnerabilities/144437), [NetApp Security Advisory](https://security.netapp.com/advisory/ntap-20190903-0002/).
- collector/nvd-index
- agent/type
- agent/event
- vendor/ibm
- canonical/ibm informix dynamic server
- version/ibm informix dynamic server/12.10-fc1
- version/ibm informix dynamic server/12.10-fc10
- version/ibm informix dynamic server/12.10-fc11
- version/ibm informix dynamic server/12.10-fc12
- version/ibm informix dynamic server/12.10-fc2
- version/ibm informix dynamic server/12.10-fc3
- version/ibm informix dynamic server/12.10-fc4
- version/ibm informix dynamic server/12.10-fc5
- version/ibm informix dynamic server/12.10-fc6
- version/ibm informix dynamic server/12.10-fc7
- version/ibm informix dynamic server/12.10-fc8
- version/ibm informix dynamic server/12.10-fc9