IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Informix_dynamic_server | Ibm | 12.10-fc1 (including) | 12.10-fc1 (including) |
Informix_dynamic_server | Ibm | 12.10-fc10 (including) | 12.10-fc10 (including) |
Informix_dynamic_server | Ibm | 12.10-fc11 (including) | 12.10-fc11 (including) |
Informix_dynamic_server | Ibm | 12.10-fc12 (including) | 12.10-fc12 (including) |
Informix_dynamic_server | Ibm | 12.10-fc2 (including) | 12.10-fc2 (including) |
Informix_dynamic_server | Ibm | 12.10-fc3 (including) | 12.10-fc3 (including) |
Informix_dynamic_server | Ibm | 12.10-fc4 (including) | 12.10-fc4 (including) |
Informix_dynamic_server | Ibm | 12.10-fc5 (including) | 12.10-fc5 (including) |
Informix_dynamic_server | Ibm | 12.10-fc6 (including) | 12.10-fc6 (including) |
Informix_dynamic_server | Ibm | 12.10-fc7 (including) | 12.10-fc7 (including) |
Informix_dynamic_server | Ibm | 12.10-fc8 (including) | 12.10-fc8 (including) |
Informix_dynamic_server | Ibm | 12.10-fc9 (including) | 12.10-fc9 (including) |