CVE-2002-0905
Published 2002-10-04
CVE-2002-0905: Buffer overflow in sqlexec for Informix SE-7.25 allows local users to gain root privileges via a long INFORMIXDIR environment variable.
Priority P4 · 25 · high · 7.2 CVSS 2.0
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.07% (60.7th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | informix | — | — |
| ibm | informix | — | — |
| ibm | informix | — | — |
No detection rules found.
Exploit-DB
IBM Informix SE 7.25 sqlexec - Local Buffer Overflow (1)
exploitdb·2002-05-30
---
// source: https://www.securityfocus.com/bid/4891/info
Informix is an enterprise database distributed and maintained by IBM.
A buffer overflow vulnerability has been reported for Informix-SE for Linux. The overflow is due to an unbounded string copy of the INFORMIXDIR environment variable to a local buffer. There is at least one setuid root executable that is vulnerable, `sqlexec'. A malicious user may exploit the overflow condition in sqlexec to gain root privileges.
#include
#include
#include
#include
#include
#include
#include
#define BUFFERSIZE 2032
/* linux x86 shellcode */
char lunixshell[] = "\x31\xc0\x31\xdb\xb0\x17\xcd\x80"
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
"\x89\xf3\x8d\x4e\x08\x8
Exploit-DB
IBM Informix SE 7.25 sqlexec - Local Buffer Overflow (2)
exploitdb·2002-05-30
---
source: https://www.securityfocus.com/bid/4891/info
Informix is an enterprise database distributed and maintained by IBM.
A buffer overflow vulnerability has been reported for Informix-SE for Linux. The overflow is due to an unbounded string copy of the INFORMIXDIR environment variable to a local buffer. There is at least one setuid root executable that is vulnerable, `sqlexec'. A malicious user may exploit the overflow condition in sqlexec to gain root privileges.
#!/usr/bin/perl
# IBM SE 7.25.UC1 for INTEL LINUX 2.4 GLIBC2.2.X
# Local Root Exploit by pHrail
# This exploits the sqlexec binary, and yields UID=0
# Tested on Mandrake Linux 8.2. All other Linux presumed vulnerable
#
# IBM still hasn't patched this hole, and is
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2002-05/0270.html
http://www.iss.net/security_center/static/9219.php
http://www.securityfocus.com/bid/4891
Published: 2002-10-04