CVE-2006-3862 Information

Description

Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable).

Reference

http://secunia.com/advisories/21301 http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf http://www.osvdb.org/27694 http://www.securityfocus.com/archive/1/443133/100/0/threaded http://www.securityfocus.com/archive/1/443165/100/0/threaded http://www.securityfocus.com/bid/19264 http://www.vupen.com/english/advisories/2006/3077 http://www-1.ibm.com/support/docview.wss?uid=swg21242921 https://exchange.xforce.ibmcloud.com/vulnerabilities/28158