Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2131Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM Informix Dynamic Server

5 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.2%
top 57.95%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
IBM Informix Dynamic ServerIBM Informix Extended Parallel Server
Timeline
PublishedJan 27
Latest updateApr 29

Description

Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

NVDibm/informix_dynamic_server9.40.uc1, 9.40.uc2+1

Patches

Patch: www-1.ibm.comPatch: www.securityfocus.comPatch: www-1.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-cqjr-9hf9-qfhh: Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 92022-04-29
CVEList
CVE-2004-2131: Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 92005-05-27

💥Exploits & PoCs

2
Exploit-DB
IBM Informix Dynamic Server 9.40/Informix Extended Parallel Server 8.40 - Multiple Vulnerabilities (2)2003-08-08
Exploit-DB
IBM Informix Dynamic Server 9.40/Informix Extended Parallel Server 8.40 - Multiple Vulnerabilities (1)2003-08-08