SB2019082048 - Multiple vulnerabilities in IBM Informix Dynamic Server
Published: August 20, 2019 Updated: August 8, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 secuirty vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2018-1632)
The vulnerability allows a local privileged user to execute arbitrary code.
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2018-1633)
The vulnerability allows a local privileged user to execute arbitrary code.
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2018-1634)
The vulnerability allows a local privileged user to execute arbitrary code.
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. IBM X-Force ID: 144437.
4) Buffer overflow (CVE-ID: CVE-2018-1635)
The vulnerability allows a local privileged user to execute arbitrary code.
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439.
5) Buffer overflow (CVE-ID: CVE-2018-1636)
The vulnerability allows a local privileged user to execute arbitrary code.
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2018-1796)
The vulnerability allows a local authenticated user to execute arbitrary code.
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426.
7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-4253)
The vulnerability allows a local authenticated user to execute arbitrary code.
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941.
Remediation
Install update from vendor's website.
References
- http://www.ibm.com/support/docview.wss?uid=ibm10964987
- https://exchange.xforce.ibmcloud.com/vulnerabilities/144432
- https://security.netapp.com/advisory/ntap-20190903-0002/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/144434
- https://exchange.xforce.ibmcloud.com/vulnerabilities/144437
- https://exchange.xforce.ibmcloud.com/vulnerabilities/144439
- https://exchange.xforce.ibmcloud.com/vulnerabilities/144441
- https://exchange.xforce.ibmcloud.com/vulnerabilities/149426
- https://exchange.xforce.ibmcloud.com/vulnerabilities/159941