Intrusion Prevention

IBM.Informix.Dynamic.Server.Authentication.Stack.Overflow

Description

This indicates an attack attempt against a buffer-overflow vulnerability in IBM's Informix Dynamic Server.
The vulnerability is caused by an input validation error in oninit.exe that can be triggered when processing an overly long password. It allows remote attackers to execute arbitrary code via a crafted request packet sent to TCP port 1526.

Affected Products

IBM Informix IDS 9.40 .UC3
IBM Informix IDS 9.40 .UC2
IBM Informix IDS 9.40 .UC1
IBM Informix IDS 9.3
IBM Informix IDS 9.40 xC7
IBM Informix IDS 9.40 .xD8
IBM Informix IDS 9.40 .UC5
IBM Informix IDS 9.40 .TC5
IBM Informix IDS 9.4
IBM Informix IDS 7.31 .xD9
IBM Informix IDS 7.31 .xD8
IBM Informix IDS 7.3
IBM Informix IDS 11.10.xC2
IBM Informix IDS 11.10
IBM Informix IDS 10.00.xC8
IBM Informix IDS 10.00.xC7W1
IBM Informix IDS 10.0 xC3
IBM Informix IDS 10.0 .xC4
IBM Informix IDS 10.0

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's web site for the suggested workaround:
http://www-1.ibm.com/support/docview.wss?uid=swg1IC55208
http://www-1.ibm.com/support/docview.wss?uid=swg1IC55207

CVE References

CVE-2008-0727