CVE

Id
19958  
CVE No.
CVE-2006-3854  
Status
Candidate  
Description
Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC8, 10.00.TC4, and 10.00.TC5, when running on Windows, allows remote attackers to execute arbitrary code via a long username, which causes an overflow in vsprintf when displaying in the resulting error message. NOTE: this issue is due to an incomplete fix for CVE-2006-3853.  
Phase
Assigned (20060726)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
184076 19958 CVE-2006-3854 BUGTRAQ:20060814 Error logging buffer overflow in Informix  View
184077 19958 CVE-2006-3854 URL:http://www.securityfocus.com/archive/1/archive/1/443150/100/0/threaded  View
184078 19958 CVE-2006-3854 BUGTRAQ:20060814 Informix - Discovery, Attack and Defense  View
184079 19958 CVE-2006-3854 URL:http://www.securityfocus.com/archive/1/archive/1/443133/100/0/threaded  View
184080 19958 CVE-2006-3854 MISC:http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf  View
184081 19958 CVE-2006-3854 SREASON:1409  View
184082 19958 CVE-2006-3854 URL:http://securityreason.com/securityalert/1409  View
184083 19958 CVE-2006-3854 XF:informix-long-username-bo(28381)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
59624 JVNDB-2006-001890 IBM IDS におけるサービス運用妨害 (DoS) の脆弱性 IBM Informix Dynamic Server (IDS) には、サービス運用妨害 (クラッシュ) 状態となる脆弱性が存在します。 CVE-2006-3856 19958 2.1 http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-001890.html  View