SSD Advisory – IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describes six (6) vulnerabilities found in Informix Dynamic Server and Informix Open Admin Tool.

IBM Informix Dynamic Server Exceptional, low maintenance online transaction processing (OLTP) data server for enterprise and workgroup computing.

IBM Informix Dynamic Server has many features that cater to a variety of user groups, including developers and administrators. One of the strong features of IDS is the low administration cost. IDS is well known for its hands-free administration. To make server administration even easier, a new open source, platform-independent tool called OpenAdmin Tool (OAT) is now available to IDS users. The OAT includes a graphical interface for administrative tasks and performance analysis tools.

Vulnerabilities:

  1. Unauthentication static PHP code injection that leads to remote code execution
  2. Heap buffer overflow
  3. Remote DLL Injection that leads to remote code execution (1)
  4. Remote DLL Injection that leads to remote code execution (2)
  5. Remote DLL Injection that leads to remote code execution (3)
  6. Remote DLL Injection that leads to remote code execution (4)

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
IBM has released patches to address those vulnerabilities and issued the following CVE’s:

  • CVE-2016-2183
  • CVE-2017-1092

For more Information – http://www-01.ibm.com/support/docview.wss?uid=swg22002897

Continue reading SSD Advisory – IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities