cvelistv5 - CVE-2008-0369

CVE-2008-0369

Vulnerability from cvelistv5

Published

2008-01-18 23:00

Modified

2024-08-07 07:39

Severity ?

Summary

Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs.

References

URL	Tags
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650
cve@mitre.org	http://secunia.com/advisories/28534	Vendor Advisory
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=swg27011556
cve@mitre.org	http://www.securityfocus.com/bid/27328
cve@mitre.org	http://www.securitytracker.com/id?1019237
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0169	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/39751
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/40009
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28534	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg27011556
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27328
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019237
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0169	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39751
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/40009

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:39:35.232Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "27328",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27328"
          },
          {
            "name": "20080131 IBM Informix Dynamic Server SQLIDEBUG File Creation Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650"
          },
          {
            "name": "28534",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28534"
          },
          {
            "name": "ADV-2008-0169",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0169"
          },
          {
            "name": "ibm-ids-onedcu-sqlidebug-unspecified(39751)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39751"
          },
          {
            "name": "1019237",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019237"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556"
          },
          {
            "name": "ibm-ids-sqlidebug-unspecified(40009)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40009"
          },
          {
            "name": "IC54309",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "27328",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27328"
        },
        {
          "name": "20080131 IBM Informix Dynamic Server SQLIDEBUG File Creation Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650"
        },
        {
          "name": "28534",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28534"
        },
        {
          "name": "ADV-2008-0169",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0169"
        },
        {
          "name": "ibm-ids-onedcu-sqlidebug-unspecified(39751)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39751"
        },
        {
          "name": "1019237",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019237"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556"
        },
        {
          "name": "ibm-ids-sqlidebug-unspecified(40009)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40009"
        },
        {
          "name": "IC54309",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0369",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "27328",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27328"
            },
            {
              "name": "20080131 IBM Informix Dynamic Server SQLIDEBUG File Creation Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650"
            },
            {
              "name": "28534",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28534"
            },
            {
              "name": "ADV-2008-0169",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0169"
            },
            {
              "name": "ibm-ids-onedcu-sqlidebug-unspecified(39751)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39751"
            },
            {
              "name": "1019237",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019237"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556"
            },
            {
              "name": "ibm-ids-sqlidebug-unspecified(40009)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40009"
            },
            {
              "name": "IC54309",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0369",
    "datePublished": "2008-01-18T23:00:00",
    "dateReserved": "2008-01-18T00:00:00",
    "dateUpdated": "2024-08-07T07:39:35.232Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:informix_dynamic_server:10.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E67D2B80-49E9-4DDA-87A3-D145B9F49D10\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples programas no especificados en IBM Informix Dynamic Server (IDS) versiones 10.x anteriores a 10.00.xC8, permiten a usuarios locales crear archivos arbitrarios especificando el archivo de destino en la variable de entorno SQLIDEBUG, cuya propiedad es cambiada por el usuario que invoca los programas.\"}]",
      "id": "CVE-2008-0369",
      "lastModified": "2024-11-21T00:41:53.027",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-01-19T00:00:00.000",
      "references": "[{\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/28534\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg27011556\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/27328\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1019237\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0169\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39751\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/40009\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28534\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg27011556\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/27328\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019237\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0169\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39751\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/40009\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0369\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-01-19T00:00:00.000\",\"lastModified\":\"2024-11-21T00:41:53.027\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples programas no especificados en IBM Informix Dynamic Server (IDS) versiones 10.x anteriores a 10.00.xC8, permiten a usuarios locales crear archivos arbitrarios especificando el archivo de destino en la variable de entorno SQLIDEBUG, cuya propiedad es cambiada por el usuario que invoca los programas.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:informix_dynamic_server:10.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E67D2B80-49E9-4DDA-87A3-D145B9F49D10\"}]}]}],\"references\":[{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28534\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg27011556\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/27328\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019237\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0169\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39751\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/40009\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28534\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg27011556\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/27328\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019237\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0169\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/40009\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CVE-2008-0369

Vulnerability from fkie_nvd

Published

2008-01-19 00:00

Modified

2024-11-21 00:41

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650
cve@mitre.org	http://secunia.com/advisories/28534	Vendor Advisory
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=swg27011556
cve@mitre.org	http://www.securityfocus.com/bid/27328
cve@mitre.org	http://www.securitytracker.com/id?1019237
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0169	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/39751
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/40009
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28534	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg27011556
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27328
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019237
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0169	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39751
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/40009

Impacted products

	Vendor	Product	Version
	ibm	informix_dynamic_server	10.00

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67D2B80-49E9-4DDA-87A3-D145B9F49D10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples programas no especificados en IBM Informix Dynamic Server (IDS) versiones 10.x anteriores a 10.00.xC8, permiten a usuarios locales crear archivos arbitrarios especificando el archivo de destino en la variable de entorno SQLIDEBUG, cuya propiedad es cambiada por el usuario que invoca los programas."
    }
  ],
  "id": "CVE-2008-0369",
  "lastModified": "2024-11-21T00:41:53.027",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-19T00:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28534"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27328"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019237"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0169"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39751"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27328"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40009"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-8hjg-x6x2-q33f

Vulnerability from github

Published

2022-05-01 23:29

Modified

2022-05-01 23:29

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0369"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-01-19T00:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs.",
  "id": "GHSA-8hjg-x6x2-q33f",
  "modified": "2022-05-01T23:29:18Z",
  "published": "2022-05-01T23:29:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0369"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39751"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40009"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28534"
    },
    {
      "type": "WEB",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309"
    },
    {
      "type": "WEB",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27328"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019237"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0169"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2008-0369

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2008-0369

Aliases

CVE-2008-0369

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0369",
    "description": "Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs.",
    "id": "GSD-2008-0369"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0369"
      ],
      "details": "Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs.",
      "id": "GSD-2008-0369",
      "modified": "2023-12-13T01:22:59.035085Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0369",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "27328",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27328"
          },
          {
            "name": "20080131 IBM Informix Dynamic Server SQLIDEBUG File Creation Vulnerability",
            "refsource": "IDEFENSE",
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650"
          },
          {
            "name": "28534",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28534"
          },
          {
            "name": "ADV-2008-0169",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0169"
          },
          {
            "name": "ibm-ids-onedcu-sqlidebug-unspecified(39751)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39751"
          },
          {
            "name": "1019237",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019237"
          },
          {
            "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556",
            "refsource": "CONFIRM",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556"
          },
          {
            "name": "ibm-ids-sqlidebug-unspecified(40009)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40009"
          },
          {
            "name": "IC54309",
            "refsource": "AIXAPAR",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:informix_dynamic_server:10.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0369"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556"
            },
            {
              "name": "IC54309",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309"
            },
            {
              "name": "27328",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/27328"
            },
            {
              "name": "28534",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28534"
            },
            {
              "name": "1019237",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019237"
            },
            {
              "name": "20080131 IBM Informix Dynamic Server SQLIDEBUG File Creation Vulnerability",
              "refsource": "IDEFENSE",
              "tags": [],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650"
            },
            {
              "name": "ADV-2008-0169",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0169"
            },
            {
              "name": "ibm-ids-sqlidebug-unspecified(40009)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40009"
            },
            {
              "name": "ibm-ids-onedcu-sqlidebug-unspecified(39751)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39751"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-08T01:29Z",
      "publishedDate": "2008-01-19T00:00Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-0369

Vulnerability from cvelistv5

CVE-2008-0369

Vulnerability from fkie_nvd

ghsa-8hjg-x6x2-q33f

Vulnerability from github

gsd-2008-0369

Vulnerability from gsd

Tags

Sightings

Nomenclature