CVE-2006-5664 - Vulnerability Details - OpenCVE

The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Informix Client Sdk Informix Dynamic Server Informix I-connect

Configuration 1 [-]

OR	cpe:2.3:a:ibm:informix_client_sdk:2.90:::::::*
	cpe:2.3:a:ibm:informix_dynamic_server:10.00:::::::*
	cpe:2.3:a:ibm:informix_i-connect:2.90:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/22609
http://securitytracker.com/id?1017156
http://www-1.ibm.com/support/docview.wss?uid=swg21247438
http://www.vupen.com/english/advisories/2006/4280

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-03T01:00:00

Updated: 2024-08-07T19:55:54.057Z

Reserved: 2006-11-02T00:00:00

Link: CVE-2006-5664

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-11-03T01:07:00.000

Modified: 2024-11-21T00:20:07.317

Link: CVE-2006-5664

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-30T00:00:00", "descriptions": [{"lang": "en", "value": "The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to \"compromise security\" via a symlink attack on temporary files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-4280", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4280"}, {"name": "22609", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22609"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247438"}, {"name": "1017156", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017156"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5664", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to \"compromise security\" via a symlink attack on temporary files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-4280", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4280"}, {"name": "22609", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22609"}, {"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21247438", "refsource": "CONFIRM", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247438"}, {"name": "1017156", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017156"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:55:54.057Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-4280", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4280"}, {"name": "22609", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22609"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247438"}, {"name": "1017156", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017156"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5664", "datePublished": "2006-11-03T01:00:00", "dateReserved": "2006-11-02T00:00:00", "dateUpdated": "2024-08-07T19:55:54.057Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:informix_client_sdk:2.90:*:*:*:*:*:*:*", "matchCriteriaId": "CBF7C636-610B-4B06-A95A-D8C0759F83CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00:*:*:*:*:*:*:*", "matchCriteriaId": "E67D2B80-49E9-4DDA-87A3-D145B9F49D10", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:informix_i-connect:2.90:*:*:*:*:*:*:*", "matchCriteriaId": "4D8A3B85-A61C-4734-8DA0-F5E8AD64B592", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to \"compromise security\" via a symlink attack on temporary files."}, {"lang": "es", "value": "El script de instalaci\u00f3n en IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, y Informix I-Connect 2.90 permite a los usuarios locales \"comprometer la seguridad\" mediante un ataque de enlaces simb\u00f3licos sobre ficheros temporales."}], "id": "CVE-2006-5664", "lastModified": "2024-11-21T00:20:07.317", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-03T01:07:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22609"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017156"}, {"source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247438"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4280"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22609"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017156"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247438"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4280"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}