Informix is an enterprise database software package designed for use on multiple platforms. It is distributed and maintained by IBM. The programs onbar_d, ondblog, and onsmsync create files with predictable names in the /tmp directory. When any one of the three programs is executed, the files bar_dbug.log and bar_act.log are created in /tmp with read-write permissions for root and informix. Because these programs are setuid root and setgid informix, it may be possible to overwrite root-owned files, resulting in a denial of service and potentially an elevation of privileges.
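The mitigation for this class of problem is for a privileged program to validate what it opens when it writes a log under a fixed name in a shared directory. The following is an added example, not IBM's code or fix: `open_log_safely` and `try_log_open` are hypothetical names, and the fixture runs in a private `mkdtemp()` directory rather than against the real /tmp/bar_act.log.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` for appending, accepting only a plain
 * file owned by the effective user. Returns a descriptor, or -1. */
int open_log_safely(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW makes open() fail if the last path component is a link. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    /* Validate the object that was actually opened, not the name. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed fixture. With plant_link set, bar_act.log already exists as a
 * link to another file. Returns 1 if opened, 0 if refused, -1 on setup error. */
int try_log_open(int plant_link)
{
    char dir[] = "/tmp/logdemoXXXXXX", other[64], log[64];
    int fd, opened;
    if (!mkdtemp(dir)) return -1;
    snprintf(other, sizeof other, "%s/other", dir);
    snprintf(log, sizeof log, "%s/bar_act.log", dir);
    if (plant_link) {
        close(open(other, O_WRONLY | O_CREAT, 0600));
        if (symlink(other, log) != 0) return -1;
    }
    fd = open_log_safely(log);
    opened = fd >= 0;
    if (opened) close(fd);
    unlink(log); unlink(other); rmdir(dir);
    return opened;
}

int main(void)
{
    printf("planted link: %d, fresh file: %d\n", try_log_open(1), try_log_open(0));
    return 0;
}
```

Writing such logs to a directory that only the service account can modify removes the exposure altogether; the checks above are the fallback when a shared directory cannot be avoided.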