微慑信息网

CVE-2008-0727 - Vulnerability Details

CVE-2008-0727
CVSS 8.5
Published: 2008-03-17 20:44:00
Last revised: 2011-03-07 22:05:21
NMCOPS

[Original] Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value.


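[CNNVD] IBM Informix Dynamic Server Multiple Remote Overflow Vulnerabilities (CNNVD-200803-256)

IBM Informix Dynamic Server provides enterprises with the mission-critical data infrastructure needed to run their business.

(1) Remote attackers can execute arbitrary code via a long password; (2) remote authenticated users can execute arbitrary code via a long DBPATH value.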


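CVSS (Base Score)

CVSS score: 8.5 [Severe (HIGH)]
Confidentiality impact: NONE [No impact on system confidentiality]
Integrity impact: COMPLETE [System integrity can be completely compromised]
Availability impact: COMPLETE [May cause a complete system shutdown]
Attack complexity: LOW [No access restrictions for exploiting the vulnerability]
Attack vector: NETWORK [The attacker does not need intranet or local access]
Authentication: SINGLE_INSTANCE [–]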


CWE (Weakness Category)

CWE-119 [Improper Restriction of Operations within the Bounds of a Memory Buffer]


CPE (Affected Platforms and Products)

cpe:/a:ibm:informix_dynamic_server:10.0.xc3 IBM Informix IDS 10.0.xC3
cpe:/a:ibm:informix_dynamic_server:11.10.xc2
cpe:/a:ibm:informix_dynamic_server:9.40.uc1 IBM Informix IDS 9.40.UC1
cpe:/a:ibm:informix_dynamic_server:9.40_xc7
cpe:/a:ibm:informix_dynamic_server:9.4 IBM Informix IDS 9.4
cpe:/a:ibm:informix_dynamic_server:10.0.xc4
cpe:/a:ibm:informix_dynamic_server:7.31.xd9
cpe:/a:ibm:informix_dynamic_server:10.00.xc7w1
cpe:/a:ibm:informix_dynamic_server:7.31.xd8
cpe:/a:ibm:informix_dynamic_server:10.0 IBM Informix Dynamic Server 10.0
cpe:/a:ibm:informix_dynamic_server:7.3
cpe:/a:ibm:informix_dynamic_server:9.40.tc5 IBM Informix IDS 9.40.TC5
cpe:/a:ibm:informix_dynamic_server:9.40.uc2 IBM Informix IDS 9.40.UC2
cpe:/a:ibm:informix_dynamic_server:9.3
cpe:/a:ibm:informix_dynamic_server:9.40.uc3 IBM Informix IDS 9.40.UC3
cpe:/a:ibm:informix_dynamic_server:9.40.xd8
cpe:/a:ibm:informix_dynamic_server:9.40.uc5 IBM Informix IDS 9.40.UC5


OVAL (Technical Details for Detection)

No relevant OVAL definitions found


Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0727
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0727
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200803-256
(Official data source) CNNVD


Other Links and Resources

http://xforce.iss.net/xforce/xfdb/41203

(UNKNOWN)  XF  ibm-informix-oninit-bo(41203)

http://xforce.iss.net/xforce/xfdb/41202

(UNKNOWN)  XF  ibm-informix-oninit-dbpath-bo(41202)

http://www.zerodayinitiative.com/advisories/ZDI-08-012/

(UNKNOWN)  MISC  http://www.zerodayinitiative.com/advisories/ZDI-08-012/

http://www.zerodayinitiative.com/advisories/ZDI-08-011/

(UNKNOWN)  MISC  http://www.zerodayinitiative.com/advisories/ZDI-08-011/

http://www.vupen.com/english/advisories/2008/0860

(UNKNOWN)  VUPEN  ADV-2008-0860

http://www.securityfocus.com/bid/28198

(UNKNOWN)  BID  28198

http://www.securityfocus.com/archive/1/archive/1/489548/100/0/threaded

(UNKNOWN)  BUGTRAQ  20080313 ZDI-08-012: IBM Informix Dynamic Server Authentication Password Stack Overflow Vulnerability

http://www.securityfocus.com/archive/1/archive/1/489547/100/0/threaded

(UNKNOWN)  BUGTRAQ  20080313 ZDI-08-011: IBM Informix Dynamic Server DBPATH Buffer Overflow Vulnerability

http://www-1.ibm.com/support/docview.wss?uid=swg1IC55210

(UNKNOWN)  AIXAPAR  IC55210

http://www-1.ibm.com/support/docview.wss?uid=swg1IC55209

(UNKNOWN)  AIXAPAR  IC55209

http://www-1.ibm.com/support/docview.wss?uid=swg1IC55208

(UNKNOWN)  AIXAPAR  IC55208

http://www-1.ibm.com/support/docview.wss?uid=swg1IC55207

(UNKNOWN)  AIXAPAR  IC55207

http://secunia.com/advisories/29272

(VENDOR_ADVISORY)  SECUNIA  29272

http://securityreason.com/securityalert/3749

(UNKNOWN)  SREASON  3749


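Vulnerability Information

IBM Informix Dynamic Server Multiple Remote Overflow Vulnerabilities
High risk  Buffer overflow
2008-03-17 00:00:00 2008-09-05 00:00:00
Remote
IBM Informix Dynamic Server provides enterprises with the mission-critical data infrastructure needed to run their business.

(1) Remote attackers can execute arbitrary code via a long password; (2) remote authenticated users can execute arbitrary code via a long DBPATH value.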


Advisories and Patches

The vendor has released upgrade patches to fix this security issue. Patch download links:

http://www-1.ibm.com/support/docview.wss?uid=swg1IC55225

http://www-1.ibm.com/support/docview.wss?uid=swg1IC55224

http://www-1.ibm.com/support/docview.wss?uid=swg1IC55208

http://www-1.ibm.com/support/docview.wss?uid=swg1IC55207

http://www-1.ibm.com/support/docview.wss?uid=swg1IC55209

http://www-1.ibm.com/support/docview.wss?uid=swg1IC55210


Vulnerability Information (F64554)

Zero Day Initiative Advisory 08-012 (PacketStormID:F64554)

2008-03-13 00:00:00
Tipping Point  zerodayinitiative.com

advisory,remote,overflow,arbitrary,tcp,code execution

CVE-2008-0727

A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM's Informix Dynamic Server. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists in the oninit.exe process that listens by default on TCP port 1526. During authentication, the process does not validate the length of the supplied user password. An attacker can provide an overly long password and overflow a stack based buffer resulting in arbitrary code execution.

ZDI-08-012: IBM Informix Dynamic Server Authentication Password Stack 
Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-012
March 13, 2008

-- CVE ID:
CVE-2008-0727

-- Affected Vendors:
IBM

-- Affected Products:
IBM Informix

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 5725. 
For further product information on the TippingPoint IPS, visit:

    http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
systems with vulnerable installations of IBM's Informix Dynamic Server.
User interaction is not required to exploit this vulnerability.
Authentication is not required to exploit this vulnerability.

The specific flaw exists in the oninit.exe process that listens by
default on TCP port 1526. During authentication, the process does not
validate the length of the supplied user password. An attacker can
provide an overly long password and overflow a stack based buffer
resulting in arbitrary code execution.

-- Vendor Response:
IBM has issued an update to correct this vulnerability. More
details can be found at:

http://www-1.ibm.com/support/docview.wss?uid=swg1IC55210
http://www-1.ibm.com/support/docview.wss?uid=swg1IC55209

-- Disclosure Timeline:
2007-11-07 - Vulnerability reported to vendor
2008-03-13 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Anonymous

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents 
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

    http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.

Our vulnerability disclosure policy is available online at:

    http://www.zerodayinitiative.com/advisories/disclosure_policy/

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments,
is being sent by 3Com for the sole use of the intended recipient(s) and
may contain confidential, proprietary and/or privileged information.
Any unauthorized review, use, disclosure and/or distribution by any 
recipient is prohibited.  If you are not the intended recipient, please
delete and/or destroy all copies of this message regardless of form and
any included attachments and notify 3Com immediately by contacting the
sender via reply e-mail or forwarding to 3Com at [email protected]. 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Vulnerability Information (F64553)

Zero Day Initiative Advisory 08-011 (PacketStormID:F64553)

2008-03-13 00:00:00
Tipping Point  zerodayinitiative.com

advisory,remote,overflow,arbitrary,tcp,code execution

CVE-2008-0727

A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM's Informix Dynamic Server. User interaction is not required to exploit this vulnerability. Authentication is required in that an attacker must have database connection privileges. The specific flaw exists in the oninit.exe process that listens by default on TCP port 1526. During authentication, the process does not validate the length of the DBPATH variable. An attacker can provide an overly long variable name and overflow a global buffer, overwriting function pointers leading to arbitrary code execution.

ZDI-08-011: IBM Informix Dynamic Server DBPATH Buffer Overflow 
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-011
March 13, 2008

-- CVE ID:
CVE-2008-0727

-- Affected Vendors:
IBM

-- Affected Products:
IBM Informix

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 5723. 
For further product information on the TippingPoint IPS, visit:

    http://www.tippingpoint.com

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
systems with vulnerable installations of IBM's Informix Dynamic Server.
User interaction is not required to exploit this vulnerability.
Authentication is required in that an attacker must have database
connection privileges.

The specific flaw exists in the oninit.exe process that listens by
default on TCP port 1526. During authentication, the process does not
validate the length of the DBPATH variable. An attacker can provide an
overly long variable name and overflow a global buffer, overwriting
function pointers leading to arbitrary code execution.

-- Vendor Response:
IBM has issued an update to correct this vulnerability. More
details can be found at:

http://www-1.ibm.com/support/docview.wss?uid=swg1IC55208
http://www-1.ibm.com/support/docview.wss?uid=swg1IC55207

-- Disclosure Timeline:
2007-11-07 - Vulnerability reported to vendor
2008-03-13 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
    * Anonymous



Vulnerability Information


42699
IBM Informix Dynamic Server oninit.exe Process DBPATH Variable handling Remote Overflow

Remote / Network Access

Input Manipulation
Loss of Integrity
Exploit Private


Vulnerability Description


Timeline


2008-03-11

Unknown
Unknown Unknown


Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch to address this vulnerability.


References


Vulnerability Author

Unknown or Incomplete


Vulnerability Information

IBM Informix Dynamic Server Multiple Remote Vulnerabilities

Unknown

28198
Yes No
2008-03-11 12:00:00 2008-04-18 12:28:00

The vendor credits MWR InfoSecurity and Zero Day Initiative with the discovery of these vulnerabilities.


Affected Program Versions

IBM Informix IDS 9.40 .UC3

IBM Informix IDS 9.40 .UC2

IBM Informix IDS 9.40 .UC1

IBM Informix IDS 9.3

IBM Informix IDS 9.40.xD8

IBM Informix IDS 9.40.UC5

IBM Informix IDS 9.40.TC5

IBM Informix IDS 9.40

IBM Informix IDS 9.4

IBM Informix IDS 7.31 .xD9

IBM Informix IDS 7.31 .xD8

IBM Informix IDS 7.3

IBM Informix IDS 11.10.xC2

IBM Informix IDS 11.10

IBM Informix IDS 10.00.xC8

IBM Informix IDS 10.00.xC7W1

IBM Informix IDS 10.0.xC4

IBM Informix IDS 10.0 xC3

IBM Informix IDS 10.0


Discussion

IBM Informix Dynamic Server is prone to multiple remote vulnerabilities:

– Two buffer-overflow vulnerabilities.
– An unspecified vulnerability when handling malformed packets.

An attacker can exploit these issues to execute arbitrary code with superuser privileges. Successfully exploiting these issues will result in the complete compromise of affected computers. Failed exploit attempts will cause denial-of-service conditions.


Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].


Solution

The vendor released updates to address these issues. Please see the references for more information.


References
