Release date:
Updated on:
Affected Systems:
IBM Informix IDS 11.70
IBM Informix IDS 11.50
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56857
CVE (CAN) ID: CVE-2012-4857
IBM Informix Dynamic Server provides an online transaction processing database for enterprises to run their businesses.
IBM Informix Dynamic Server 11.50.xC9W2 and earlier, and 11.70.xC7 and earlier, contain an error in the processing of SQL statements; the details are unspecified. Authenticated remote or local users connected to the database server can exploit this vulnerability to cause a buffer overflow, which can crash the server or execute arbitrary code in the server process.
<* Source: IOActive Inc
Link: http://secunia.com/advisories/51506/
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4857
http://www-01.ibm.com/support/docview.wss?uid=swg21618994&myns=swgimgmt&mynp=OCSSGU8G&mync=R
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
IBM has released a Security Bulletin (1618994) and corresponding patches for this vulnerability:
1618994: Security Bulletin: Buffer overrun vulnerability when executing unspecified SQL statements in IBM Informix (CVE-2012-4857)
Link: http://www-01.ibm.com/support/docview.wss?uid=swg21618994&myns=swgimgmt&mynp=OCSSGU8G&mync=R
Patch download: http://www-01.ibm.com/support/www.ibm.com/support/fixcentral/
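To decide which instances need the patch, the affected ranges above can be checked against collected version banners. The following is an added example, not code from IBM or from this advisory. It assumes the version string layout `<major>.<minor>.<platform letter>C<fix pack>[W<n>]` (as in a banner such as the one `onstat -` prints); the host names and banners are constructed.

```python
import re

# Last affected build per branch, as stated in the advisory: (fix pack, W level).
# 11.50.xC9W2 and earlier; 11.70.xC7 and earlier.
LAST_AFFECTED = {"11.50": (9, 2), "11.70": (7, 0)}

# Assumed layout: 11.70.FC7W1 -> branch 11.70, platform F, fix pack 7, W level 1.
VERSION_RE = re.compile(r"\b(\d+\.\d+)\.[A-Z]C(\d+)(?:W(\d+))?(\w*)")

def classify(banner):
    """Return 'affected', 'outside-range', 'other-branch' or 'unparsed'."""
    m = VERSION_RE.search(banner)
    if not m:
        return "unparsed"
    branch, fixpack, wlevel, extra = m.groups()
    if branch not in LAST_AFFECTED:
        return "other-branch"      # branch not listed under Affected Systems
    if extra:
        return "unparsed"          # unknown suffix (e.g. interim build): review by hand
    # Compare numerically as a tuple so that C10 sorts after C9 and W3 after W2.
    build = (int(fixpack), int(wlevel or 0))
    return "affected" if build <= LAST_AFFECTED[branch] else "outside-range"

def triage(inventory):
    """Map host -> classification for a {host: banner} inventory."""
    return {host: classify(banner) for host, banner in inventory.items()}

# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = {
    "db-a": "IBM Informix Dynamic Server Version 11.50.UC9W2 -- On-Line",
    "db-b": "IBM Informix Dynamic Server Version 11.50.FC10 -- On-Line",
    "db-c": "IBM Informix Dynamic Server Version 11.70.FC6W5 -- On-Line",
    "db-d": "IBM Informix Dynamic Server Version 11.70.FC7W1 -- On-Line",
    "db-e": "IBM Informix Dynamic Server Version 11.70.FC7X2 -- On-Line",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {verdict}")
```

A verdict of `outside-range` only means the build is later than the last affected build listed here; confirm the fixed level against IBM Security Bulletin 1618994.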