QwikSec

Security Database

CVE

CWE

Training

CVE-2006-3854

Published: Aug 17, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC8, 10.00.TC4, and 10.00.TC5, when running on Windows, allows remote attackers to execute arbitrary code via a long username, which causes an overflow in vsprintf when displaying in the resulting error message. NOTE: this issue is due to an incomplete fix for CVE-2006-3853.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20060814 Error logging buffer overflow in Informix

mailing-list

x_refsource_BUGTRAQ

informix-long-username-bo(28381)

vdb-entry

x_refsource_XF

20060814 Informix - Discovery, Attack and Defense

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SREASON

http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.