IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Informix_dynamic_server | Ibm | 12.10 | 12.10 |
Informix_dynamic_server | Ibm | 12.10 | 12.10 |
Informix_dynamic_server | Ibm | 12.10 | 12.10 |
Informix_dynamic_server | Ibm | 12.10 | 12.10 |
Informix_dynamic_server | Ibm | 12.10 | 12.10 |
Informix_dynamic_server | Ibm | 12.10 | 12.10 |
Informix_dynamic_server | Ibm | 12.10 | 12.10 |
Informix_dynamic_server | Ibm | 12.10 | 12.10 |
Informix_dynamic_server | Ibm | 12.10 | 12.10 |
Informix_dynamic_server | Ibm | 12.10 | 12.10 |
Informix_dynamic_server | Ibm | 12.10 | 12.10 |
Informix_dynamic_server | Ibm | 12.10 | 12.10 |