VULHUB ™

Informix is an enterprise database distributed and maintained by IBM. A problem in the onsrvapd program included with the Informix SQL package makes it possible for a local user to overwrite root-owned files, and potentially gain elevated privileges. Upon execution, the onsrvapd program creates a world-writable file in /tmp using the name onsnmp.$HOSTNAME.log, where $HOSTNAME is the name of the system. Since onsrvapd is setuid root, this makes it possible for a local user to overwrite system files, resulting in a denial of service. This could also lead to elevated privileges, including root access.

Informix is an enterprise database distributed and maintained by IBM. A problem in the onsrvapd program included with the Informix SQL package makes it possible for a local user to overwrite root-owned files, and potentially gain elevated privileges. Upon execution, the onsrvapd program creates a world-writable file in /tmp using the name onsnmp.$HOSTNAME.log, where $HOSTNAME is the name of the system. Since onsrvapd is setuid root, this makes it possible for a local user to overwrite system files, resulting in a denial of service. This could also lead to elevated privileges, including root access.