CVE-2006-3861 Information

Description

IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions which allows remote authenticated users to create arbitrary databases.

Reference

http://secunia.com/advisories/21301 http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf http://www.osvdb.org/27692 http://www.securityfocus.com/archive/1/443133/100/0/threaded http://www.securityfocus.com/archive/1/443192/100/0/threaded http://www.securityfocus.com/bid/19264 http://www.vupen.com/english/advisories/2006/3077 http://www-1.ibm.com/support/docview.wss?uid=swg21242921 https://exchange.xforce.ibmcloud.com/vulnerabilities/28148