CVE-2004-2489: Use of Externally-Controlled Format String in IBM Informix Dynamic Server

3 documents, 3 sources

Severity: 4.6 MEDIUM (NVD)
EPSS: 0.1% (top 75.00%)
CISA KEV: Not in KEV
Exploit: No known exploits

Affected products

Timeline

Published: Dec 31
Latest update: Apr 29

Description

Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename.

CVSS vector

AV:L/AC:L/C:P/I:P/A:P

Exploitability: 3.9 | Impact: 6.4

Affected Packages (1 package)

NVD: ibm/informix_dynamic_server 9.40.uc1, 9.40.uc2 (+1)

Patches

Vulnerability Details (2)

GHSA
GHSA-968h-qw7j-96w3: Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9... (2022-04-29)

CVEList
CVE-2004-2489: Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9... (2005-10-25)