PROBLEM:
IBM Informix Buffer Overflow in Processing SQL Statements Lets Remote Authenticated Users Execute Arbitrary Code
PLATFORM:
All IBM Informix versions 11.50 prior to and including 11.50.xC9W2 – all platforms
All IBM Informix versions 11.70 prior to 11.70.xC7 – all platforms
ABSTRACT:
A vulnerability was reported in IBM Informix.
REFERENCE LINKS:
IBM Security Bulletin: 1618994
SecurityTracker Alert ID: 1027849
CVE-2012-4857
IMPACT ASSESSMENT:
High
DISCUSSION:
IBM Informix is vulnerable to a buffer overflow caused by improper handling of unspecified SQL statements. A remote attacker with valid authentication credentials could exploit this vulnerability to crash the Informix database server or execute arbitrary code within the Informix database server process.
IMPACT:
A remote authenticated user can execute arbitrary code on the target system.
SOLUTION:
Upgrade IBM Informix to a release later than 11.50.xC9W2 (for 11.50) or to 11.70.xC7 or later (for 11.70).
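
To triage an inventory against the affected ranges listed under PLATFORM, the following added example (not part of the IBM bulletin or this advisory) classifies Informix version strings. It assumes the layout `<major>.<minor>.<platform letter>C<fix pack>[W<interim>]`, as in the bulletin's `11.50.xC9W2`; the host names and versions in `INVENTORY` are constructed sample data.

```python
import re

# Assumed layout: <major>.<minor>.<platform letter>C<fix pack>[W<interim>],
# e.g. 11.70.FC5 or 11.50.UC9W2. The advisory writes the platform letter as "x".
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.[A-Za-z]C(\d+)(?:W(\d+))?")

# Bounds taken from the advisory, as (fix pack, interim) tuples.
AFFECTED_THROUGH = {(11, 50): (9, 2)}  # 11.50: up to and including xC9W2
FIXED_FROM = {(11, 70): (7, 0)}        # 11.70: anything before xC7


def parse_version(text):
    """Return ((major, minor), (fix_pack, interim)) from a version or banner string."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Informix version found in {text!r}")
    major, minor, fix_pack, interim = m.groups()
    return (int(major), int(minor)), (int(fix_pack), int(interim or 0))


def is_affected(text):
    """True/False for 11.50 and 11.70; None for release lines the advisory does not list."""
    line, level = parse_version(text)
    if line in AFFECTED_THROUGH:
        return level <= AFFECTED_THROUGH[line]
    if line in FIXED_FROM:
        return level < FIXED_FROM[line]
    return None  # do not guess: check the vendor bulletin for other lines


def hosts_needing_upgrade(inventory):
    """Return the sorted host names whose reported version falls in an affected range."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory (host names and versions are illustrative only).
INVENTORY = {
    "db-a": "11.50.FC9W2",   # last affected 11.50 level
    "db-b": "11.50.FC9W3",   # later than xC9W2
    "db-c": "11.70.UC6W1",   # before xC7
    "db-d": "11.70.FC7",     # first fixed 11.70 level
    "db-e": "12.10.FC1",     # not covered by this advisory
    "db-f": "IBM Informix Dynamic Server Version 11.70.FC5 -- On-Line",
}

if __name__ == "__main__":
    for host in hosts_needing_upgrade(INVENTORY):
        print(f"{host}: upgrade required ({INVENTORY[host]})")
```

Versions that return `None` belong to release lines this advisory does not list and need a separate check against the vendor bulletin.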