CVE-2006-3858 Information

Description

IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory which allows local users to obtain passwords by reading the memory (product defects 171893 171894 173772).

Reference

http://secunia.com/advisories/21301 http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf http://www.osvdb.org/27691 http://www.securityfocus.com/archive/1/443133/100/0/threaded http://www.securityfocus.com/archive/1/443195/100/0/threaded http://www.securityfocus.com/bid/19264 http://www.vupen.com/english/advisories/2006/3077 http://www-1.ibm.com/support/docview.wss?uid=swg21242921 https://exchange.xforce.ibmcloud.com/vulnerabilities/28132