Informix Dynamic Server
CVE-2016-0226
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file.
AnalysisAI
The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-284. The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file. Affected products include: Ibm Informix Dynamic Server.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Informix Dynamic Server
View allStack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 all
Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users t
CVE-2024-45675 is a security vulnerability (CVSS 8.4) that allows a local user. High severity vulnerability requiring pr
IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds
IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds wri
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious sha
IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an in
IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privil
IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. Ra
IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large ass
IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds check
IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today