VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 8, 2006· Updated Apr 16, 2026

CVE-2006-3857

CVE-2006-3857

Description

Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179).

Affected products

11
  • IBM/Informix Dynamic Database Server11 versions
    cpe:2.3:a:ibm:informix_dynamic_database_server:10.00.tc1:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:ibm:informix_dynamic_database_server:10.00.tc1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:informix_dynamic_database_server:10.00.tc2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:informix_dynamic_database_server:9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.tc5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:informix_dynamic_database_server:9.40.uc3:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

19

News mentions

0

No linked articles in our index yet.