漏洞信息详情

IBM Informix Dynamic Server '/tmp/installserver.txt'符号链接漏洞

• CNNVD编号：CNNVD-200610-076
• 危害等级： 低危
  
• CVE编号： CVE-2006-5163
• 漏洞类型： 竞争条件
• 发布时间： 2006-10-05
• 威胁类型： 本地
• 更新时间： 2006-10-06
• 厂        商： ibm
• 漏洞来源： .');">This vulnerability...

漏洞简介

IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux及可能的其他版本会创建具有不安全许可权的/tmp/installserver.txt，本地用户可以通过符号链接将数据附加到任意文件中。

漏洞公告

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接：

IBM Informix Client SDK 2.90

IBM IC50783

http://www-1.ibm.com/support/docview.wss?rs=630&context=SSGU8G&context =SSHPYE&dc=DB550&uid=swg1IC50783&loc=en_US&cs=utf-8&lang=en

IBM Informix IDS 10.0

IBM IC50784

http://www-1.ibm.com/support/docview.wss?rs=630&context=SSGU8G&context =SSHPYE&dc=DB550&uid=swg1IC50784&loc=en_US&cs=utf-8&lang=en

IBM IC50785

http://www-1.ibm.com/support/docview.wss?rs=630&context=SSGU8G&context =SSHPYE&dc=DB550&uid=swg1IC50785&loc=en_US&cs=utf-8&lang=en

IBM Informix Connect 2.90

IBM IC50786

http://www-1.ibm.com/support/docview.wss?rs=630&context=SSGU8G&context =SSHPYE&dc=DB550&uid=swg1IC50786&loc=en_US&cs=utf-8&lang=en

参考网址

来源: XF

名称: informix-install-script-weak-permissions(29300)

链接:http://xforce.iss.net/xforce/xfdb/29300

来源: XF

名称: informix-installserver-symlink(29297)

链接:http://xforce.iss.net/xforce/xfdb/29297

来源: BID

名称: 20300

链接:http://www.securityfocus.com/bid/20300

来源: BUGTRAQ

名称: 20061001 IBM Informix Dynamic Server V10.0 File Clobbering during Install

链接:http://www.securityfocus.com/archive/1/archive/1/447501/100/0/threaded

来源: SECUNIA

名称: 22223

链接:http://secunia.com/advisories/22223

来源: FULLDISC

名称: 20061001 IBM Informix Dynamic Server V10.0 File Clobbering during Install

链接:http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0013.HTML

来源: OSVDB

名称: 29349

链接:http://www.osvdb.org/29349

来源: VUPEN

名称: ADV-2006-3883

链接:http://www.frsirt.com/english/advisories/2006/3883

来源: SREASON

名称: 1686

链接:http://securityreason.com/securityalert/1686

受影响实体

• Ibm Informix_dynamic_server:10.Uc_rc1:Trial_linux  

补丁

暂无