IBM Informix Dynamic Server (IDS) prior to 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm informix dynamic server 9.40.uc2 |
||
ibm informix extended parallel server 8.40_uc1 |
||
ibm informix dynamic server 9.40.uc1 |
||
ibm informix extended parallel server 8.40_uc2 |