Vulnerability Name:

CVE-2006-3856 (CCN-28131)

Assigned: 2006-07-31
Published: 2006-07-31
Updated: 2018-10-17
Summary: IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors.
This vulnerability is addressed in the following product releases:
IBM, Informix IDS, 9.40 xC7
IBM, Informix IDS, 10.00 xC3
CVSS v3 Severity: 6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References: Source: MITRE
Type: CNA
CVE-2006-3856

Source: CCN
Type: SA21301
Informix Dynamic Server Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
21301

Source: CCN
Type: Informix Web page
Security issues in IBM Informix Dynamic Server and IBM Informix Extended Parallel Server (XPS)

Source: CCN
Type: IBM Support Document 1242921
Security Vulnerabilities Addressed in Informix Dynamic Server

Source: CONFIRM
Type: Patch
http://www-1.ibm.com/support/docview.wss?uid=swg21242921

Source: MISC
Type: UNKNOWN
http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf

Source: OSVDB
Type: UNKNOWN
27690

Source: CCN
Type: OSVDB ID: 27690
IBM Informix Dynamic Server Multiple Unspecified DoS

Source: BUGTRAQ
Type: UNKNOWN
20060814 Informix - Discovery, Attack and Defense

Source: BUGTRAQ
Type: UNKNOWN
20060814 Multiple Buffer Overflow Vulnerabilities in Informix

Source: BID
Type: Patch
19264

Source: CCN
Type: BID-19264
IBM Informix Dynamic Server Multiple Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2006-3077

Source: XF
Type: UNKNOWN
informix-unspecified-dos(28131)


Vulnerable Configuration: Configuration 1:
  • cpe:/a:ibm:informix_dynamic_server:9.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:informix_dynamic_server:9.40.tc5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:informix_dynamic_server:9.40.uc1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:informix_dynamic_server:9.40.uc2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:informix_dynamic_server:9.40.uc3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:informix_dynamic_server:9.40.uc5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:informix_dynamic_server:9.40.xc5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:informix_dynamic_server:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:informix_dynamic_server:10.0.xc1:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:ibm:informix_dynamic_server:9.40.xc5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:informix_dynamic_server:10.00.xc1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    ibm informix dynamic server 9.4
    ibm informix dynamic server 9.40.tc5
    ibm informix dynamic server 9.40.uc1
    ibm informix dynamic server 9.40.uc2
    ibm informix dynamic server 9.40.uc3
    ibm informix dynamic server 9.40.uc5
    ibm informix dynamic server 9.40.xc5
    ibm informix dynamic server 10.0
    ibm informix dynamic server 10.0.xc1
    ibm informix dynamic server 9.40.xc5
    ibm informix dynamic server 10.00.xc1