1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: IBM Informix SETNET32 BO

Web Attack: IBM Informix SETNET32 BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempt to exploit a buffer overflow vulnerability in IBM Informix by sending a specially crafted request

Additional Information

IBM Informix Client Software Development Kit (CSDK) and IBM Informix Connect contain APIs and libraries that are used to develop applications.

The products are prone to a buffer-overflow vulnerability because they fail to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. Specifically, an integer overflow occurs when processing '.nfx' files that contain an overly large value for 'HostList' entry.

An attacker could exploit this issue by enticing an unsuspecting user to open a malicious '.nfx' file with the affected application.

Successfully exploiting this issue will allow the attacker to execute arbitrary code within the context of an affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects the following:

IBM Informix Client Software Development Kit (CSDK) 3.5
IBM Informix Connect 3.x

Other products that use the Setnet32 3.50.0.13752 utility may also be vulnerable.

Affected

  • IBM Informix CSDK 3.50
  • IBM Informix Connect 3.0

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube