Informix Dynamic Server Multiple Remote Vulnerabilities

This script is Copyright (C) 2006-2011 Tenable Network Security, Inc.


Synopsis :

The remote host contains an application that is affected by several
vulnerabilities.

Description :

The version of Informix Dynamic Server installed on the remote host
contains multiple vulnerabilities that may allow attackers to execute
arbitrary code, gain elevated privileges, uncover sensitive
information, deny service to legitimate users, etc. Some of these
issues can be exploited remotely without authentication.

See also :

http://www-1.ibm.com/support/docview.wss?uid=swg21242921

Solution :

Upgrade to Informix 10.00.xC4 / 9.40.xD8 / 7.31.xD9 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 22229 (informix_ids_mult_vulns.nasl)

Bugtraq ID: 19264

CVE ID: CVE-2006-3853
CVE-2006-3855
CVE-2006-3856
CVE-2006-3857
CVE-2006-3858
CVE-2006-3860
CVE-2006-3861
CVE-2006-3862