IBM closes security hole in Informix database
Security service provider NGSSoftware has discovered several security holes in IBM's Informix Dynamic Server. Updates to fix the problems are already available from IBM. The software giant took its time in preparing the patches, however: NGSSoftware informed IBM about the flaw all the way back in January 2005, the security advisory claims.
Using the LOTOFILE and rlt_tracefile_set functions, attackers could create and write arbitrary files. This was also the case with SET DEBUG FILE. The security specialists at NGSSoftware also turned up numerous buffer overflows. These could occur in the SET DEBUG FILE, IFX_FILE_TO_FILE, FILETOCLOB, LOTOFILE and DBINFO functions. At the protocol level, the functions _sq_remview, _sq_remproc, _sq_remperms, _sq_distfetch and _sq_dcatalog were susceptible to buffer overflows; they access the getname() function in C, which like strcpy() copies a string into the target buffer.
Administrators should install the updates as soon as possible. They should be drawn from the standard IBM channels, and placed on the Passport Advantage page, for example.
- Multiple Buffer Overflow Vulnerabilities in Informix, Advisory from NGSSoftware
- Multiple Arbitrary File Access (Write/Read) Vulnerabilities, Advisory from NGSSoftware
(ehe)