CVE-2006-3857 (CNNVD-200608-109)
中文标题:
Informix Dynamic Server 多个SQL语句存在溢出漏洞
英文标题:
Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.0...
漏洞描述
中文描述:
Informix Dynamic Server(IDS)是一款由IBM开发的数据库。 在SQL级别以下SQL语句存在溢出漏洞: SET DEBUG FILE IFX_FILE_TO_FILE FILETOCLOB LOTOFILE DBINFO 在协议级别以下C函数存在溢出: _sq_remview _sq_remproc _sq_remperms _sq_distfetch _sq_dcatalog 上述语句或函数都调用了getname()函数。该函数将源字符串拷贝到目标缓冲区,类似于strcpy()。 此外在协议级别上_sq_scroll和_sq_bbind函数中的空指针可能触发未处理的异常,导致拒绝服务。
英文描述:
Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179).
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| ibm | informix_dynamic_database_server | 9.3 | - | - |
cpe:2.3:a:ibm:informix_dynamic_database_server:9.3:*:*:*:*:*:*:*
|
| ibm | informix_dynamic_database_server | 9.40.tc1 | - | - |
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc1:*:*:*:*:*:*:*
|
| ibm | informix_dynamic_database_server | 9.40.tc2 | - | - |
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc2:*:*:*:*:*:*:*
|
| ibm | informix_dynamic_database_server | 9.40.tc3 | - | - |
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc3:*:*:*:*:*:*:*
|
| ibm | informix_dynamic_database_server | 9.40.tc4 | - | - |
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc4:*:*:*:*:*:*:*
|
| ibm | informix_dynamic_database_server | 9.40.tc5 | - | - |
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc5:*:*:*:*:*:*:*
|
| ibm | informix_dynamic_database_server | 9.40.uc1 | - | - |
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc1:*:*:*:*:*:*:*
|
| ibm | informix_dynamic_database_server | 9.40.uc2 | - | - |
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc2:*:*:*:*:*:*:*
|
| ibm | informix_dynamic_database_server | 9.40.uc3 | - | - |
cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc3:*:*:*:*:*:*:*
|
| ibm | informix_dynamic_database_server | 10.00.tc1 | - | - |
cpe:2.3:a:ibm:informix_dynamic_database_server:10.00.tc1:*:*:*:*:*:*:*
|
| ibm | informix_dynamic_database_server | 10.00.tc2 | - | - |
cpe:2.3:a:ibm:informix_dynamic_database_server:10.00.tc2:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
CVSS评分详情
AV:N/AC:L/Au:S/C:P/I:P/A:P
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2006-3857 |
2025-11-11 15:17:44 | 2025-11-11 07:32:36 |
| NVD | nvd_CVE-2006-3857 |
2025-11-11 14:51:50 | 2025-11-11 07:41:21 |
| CNNVD | cnnvd_CNNVD-200608-109 |
2025-11-11 15:08:52 | 2025-11-11 07:49:09 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-200608-109
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- cvss_score: 未提取 -> 6.5
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:S/C:P/I:P/A:P
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 11
- data_sources: ['cve'] -> ['cve', 'nvd']