CVE-2006-5163 - IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/insta

CVE-2006-5163

Summary

IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack.

References

Vulnerable Configurations

cpe:2.3:a:ibm:informix_dynamic_server:10.uc_rc1:*:trial_linux:*:*:*:*:*
cpe:2.3:a:ibm:informix_dynamic_server:10.uc_rc1:*:trial_linux:*:*:*:*:*

CVSS

Base:	3.6 (as of 17-10-2018 - 21:41)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:P/A:P

refmap via4

bid	20300
bugtraq	20061001 IBM Informix Dynamic Server V10.0 File Clobbering during Install
fulldisc	20061001 IBM Informix Dynamic Server V10.0 File Clobbering during Install
osvdb	29349
secunia	22223
sreason	1686
vupen	ADV-2006-3883
xf	informix-install-script-weak-permissions(29300) informix-installserver-symlink(29297)

Last major update

17-10-2018 - 21:41

Published

05-10-2006 - 04:04

Last modified

17-10-2018 - 21:41