Informix Dynamic Server sqlexec password argument buffer overflow

Added: 05/09/2008
CVE: CVE-2008-0727
BID: 28198
OSVDB: 42701

Background

Informix Dynamic Server is a database solution from IBM. The oninit.exe process listens for connections on port 1526/TCP.

Problem

The oninit.exe process does not sufficiently check the length of command-line arguments passed to the sqlexec program. This allows remote attackers to execute commands by specifying a long, specially crafted password argument.

Resolution

Apply one of the updates referenced in ZDI-08-012.

References

http://www.zerodayinitiative.com/advisories/ZDI-08-012/

Limitations

Exploit works on Informix Dynamic Server 10.00.TC3.

Platforms

Windows

Back to exploit index