• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: IBM Informix Dynamic Server Multiple Remote Vulnerabilities

Severity: CRITICAL

Description:

IBM Informix Dynamic Server is an application server that runs on various platforms.

The application is prone to multiple remote vulnerabilities:

- A stack-based buffer-overflow vulnerability occurs when processing authentication requests containing a large number of parameters in the initial packet of the protocol handshake exchange. During processing, a stack-based overflow occurs allowing unauthenticated attackers to execute arbitrary machine code in the context of the database process.

- A buffer-overflow vulnerability affects the 'onit.exe' process, which listens on TCP port 1526. Specifically, when authenticating a user, the application fails to perform adequate boundary checks on the 'DBPATH' parameter before copying it into an insufficiently sized buffer. Note that the attacker must have database connection privileges.

- A buffer-overflow vulnerability occurs when processing authentication passwords. The issue occurs in the 'onit.exe' process. Specifically, the application fails to check the length of a user's password before copying it into an insufficiently sized buffer. If an attacker supplies an excessively long password, a stack overflow will occur.

Attackers can exploit these issues to execute arbitrary code with superuser privileges. Successfully exploiting these issues will result in the complete compromise of affected computers. Failed exploit attempts will cause denial-of-service conditions.

Affected Products:

• IBM Informix IDS 10.0
• IBM Informix IDS 10.0 .xC4
• IBM Informix IDS 10.0 xC3
• IBM Informix IDS 10.00.xC7W1
• IBM Informix IDS 10.00.xC8
• IBM Informix IDS 11.10
• IBM Informix IDS 11.10.xC2
• IBM Informix IDS 7.3
• IBM Informix IDS 7.31 .xD8
• IBM Informix IDS 7.31 .xD9
• IBM Informix IDS 9.3.0
• IBM Informix IDS 9.4
• IBM Informix IDS 9.40 .TC5
• IBM Informix IDS 9.40 .UC5
• IBM Informix IDS 9.40 .xD8
• IBM Informix IDS 9.40 xC7
• IBM Informix IDS 9.40.0.UC1
• IBM Informix IDS 9.40.0.UC2
• IBM Informix IDS 9.40.0.UC3

References:

• IBM: IBM Support Document swg1IC55207
• IBM: IBM Support Document swg1IC55208
• IBM: IBM Support Document swg1IC55209
• IBM: IBM Support Document swg1IC55210
• IBM: IBM Support Document swg1IC55223
• IBM: IBM Support Document swg1IC55224
• IBM: IBM Support Document swg1IC55225
• IBM: Informix Dynamic Server (IDS) Homepage
• MWR InfoSecurity: IBM Informix Pre-Authentication Stack Overflow
• Zero Day Initiative: ZDI-08-011: IBM Informix Dynamic Server DBPATH Buffer Overflow Vulnerability
• Zero Day Initiative: ZDI-08-012: IBM Informix Dynamic Server Authentication Password Stack Overflow V

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.