Link: https://blogs.securiteam.com/index.php/archives/3210 *Vulnerabilities Summary*The following advisory describes six (6) vulnerabilities found in Informix Dynamic Server and Informix Open Admin Tool. IBM Informix Dynamic Server Exceptional, low maintenance online transaction processing (OLTP) data server for enterprise and workgroup computing. IBM Informix Dynamic Server has many features that cater to a variety of user groups, including developers and administrators. One of the strong features of IDS is the low administration cost. IDS is well known for its hands-free administration. To make server administration even easier, a new open source, platform-independent tool called OpenAdmin Tool (OAT) is now available to IDS users. The OAT includes a graphical interface for administrative tasks and performance analysis tools. Vulnerabilities: Unauthentication static PHP code injection that leads to remote code execution Heap buffer overflow Remote DLL Injection that leads to remote code execution (1) Remote DLL Injection that leads to remote code execution (2) Remote DLL Injection that leads to remote code execution (3) Remote DLL Injection that leads to remote code execution (4) *Credit* An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program *Vendor response*IBM has released patches to address those vulnerabilities and issued the following CVE’s: CVE-2016-2183 CVE-2017-1092 For more Information – http://www-01.ibm.com/support/docview.wss?uid=swg22002897 -- Thanks Maor Shwartz GPG Key ID: 93CC36E2DE7FF514
Attachment:
SSD Advisory – IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities – SecuriTeam Blogs.pdf
Description: Adobe PDF document
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/