ZDI-08-012: IBM Informix Dynamic Server Authentication Password Stack
From: [email protected]
To: [email protected], [email protected]
Subject: ZDI-08-012: IBM Informix Dynamic Server Authentication Password Stack
Overflow Vulnerability
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 7.0.2 December 03, 2006
Message-ID: <OF250D69D6.796F6E34-ON8825740B.00726D9F-8625740B.00732B68@3com.com.>
Sender: [email protected]
Date: Thu, 13 Mar 2008 15:57:58 -0500
X-MIMETrack: Serialize by Router on USUT001/US/3Com(Release 6.5.5FP2|October 23, 2006) at
03/13/2008 01:58:01 PM,
Serialize complete at 03/13/2008 01:58:01 PM
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: base64
X-Virus-Scanned: antivirus-gw at tyumen.ru
WkRJLTA4LTAxMjogSUJNIEluZm9ybWl4IER5bmFtaWMgU2VydmVyIEF1dGhlbnRpY2F0aW9uIFBh
c3N3b3JkIFN0YWNrIA0KT3ZlcmZsb3cgVnVsbmVyYWJpbGl0eQ0KaHR0cDovL3d3dy56ZXJvZGF5
aW5pdGlhdGl2ZS5jb20vYWR2aXNvcmllcy9aREktMDgtMDEyDQpNYXJjaCAxMywgMjAwOA0KDQot
LSBDVkUgSUQ6DQpDVkUtMjAwOC0wNzI3DQoNCi0tIEFmZmVjdGVkIFZlbmRvcnM6DQpJQk0NCg0K
LS0gQWZmZWN0ZWQgUHJvZHVjdHM6DQpJQk0gSW5mb3JtaXgNCg0KLS0gVGlwcGluZ1BvaW50KFRN
KSBJUFMgQ3VzdG9tZXIgUHJvdGVjdGlvbjoNClRpcHBpbmdQb2ludCBJUFMgY3VzdG9tZXJzIGhh
dmUgYmVlbiBwcm90ZWN0ZWQgYWdhaW5zdCB0aGlzDQp2dWxuZXJhYmlsaXR5IGJ5IERpZ2l0YWwg
VmFjY2luZSBwcm90ZWN0aW9uIGZpbHRlciBJRCA1NzI1LiANCkZvciBmdXJ0aGVyIHByb2R1Y3Qg
aW5mb3JtYXRpb24gb24gdGhlIFRpcHBpbmdQb2ludCBJUFMsIHZpc2l0Og0KDQogICAgaHR0cDov
L3d3dy50aXBwaW5ncG9pbnQuY29tDQoNCi0tIFZ1bG5lcmFiaWxpdHkgRGV0YWlsczoNClRoaXMg
dnVsbmVyYWJpbGl0eSBhbGxvd3MgcmVtb3RlIGF0dGFja2VycyB0byBleGVjdXRlIGFyYml0cmFy
eSBjb2RlIG9uDQpzeXN0ZW1zIHdpdGggdnVsbmVyYWJsZSBpbnN0YWxsYXRpb25zIG9mIElCTSdz
IEluZm9ybWl4IER5bmFtaWMgU2VydmVyLg0KVXNlciBpbnRlcmFjdGlvbiBpcyBub3QgcmVxdWly
ZWQgdG8gZXhwbG9pdCB0aGlzIHZ1bG5lcmFiaWxpdHkuDQpBdXRoZW50aWNhdGlvbiBpcyBub3Qg
cmVxdWlyZWQgdG8gZXhwbG9pdCB0aGlzIHZ1bG5lcmFiaWxpdHkuDQoNClRoZSBzcGVjaWZpYyBm
bGF3IGV4aXN0cyBpbiB0aGUgb25pbml0LmV4ZSBwcm9jZXNzIHRoYXQgbGlzdGVucyBieQ0KZGVm
YXVsdCBvbiBUQ1AgcG9ydCAxNTI2LiBEdXJpbmcgYXV0aGVudGljYXRpb24sIHRoZSBwcm9jZXNz
IGRvZXMgbm90DQp2YWxpZGF0ZSB0aGUgbGVuZ3RoIG9mIHRoZSBzdXBwbGllZCB1c2VyIHBhc3N3
b3JkLiBBbiBhdHRhY2tlciBjYW4NCnByb3ZpZGUgYSBvdmVybHkgbG9uZyBwYXNzd29yZCBhbmQg
b3ZlcmZsb3cgYSBzdGFjayBiYXNlZCBidWZmZXINCnJlc3VsdGluZyBpbiBhcmJpdHJhcnkgY29k
ZSBleGVjdXRpb24uDQoNCi0tIFZlbmRvciBSZXNwb25zZToNCklCTSBoYXMgaXNzdWVkIGFuIHVw
ZGF0ZSB0byBjb3JyZWN0IHRoaXMgdnVsbmVyYWJpbGl0eS4gTW9yZQ0KZGV0YWlscyBjYW4gYmUg
Zm91bmQgYXQ6DQoNCmh0dHA6Ly93d3ctMS5pYm0uY29tL3N1cHBvcnQvZG9jdmlldy53c3M/dWlk
PXN3ZzFJQzU1MjEwDQpodHRwOi8vd3d3LTEuaWJtLmNvbS9zdXBwb3J0L2RvY3ZpZXcud3NzP3Vp
ZD1zd2cxSUM1NTIwOQ0KDQotLSBEaXNjbG9zdXJlIFRpbWVsaW5lOg0KMjAwNy0xMS0wNyAtIFZ1
bG5lcmFiaWxpdHkgcmVwb3J0ZWQgdG8gdmVuZG9yDQoyMDA4LTAzLTEzIC0gQ29vcmRpbmF0ZWQg
cHVibGljIHJlbGVhc2Ugb2YgYWR2aXNvcnkNCg0KLS0gQ3JlZGl0Og0KVGhpcyB2dWxuZXJhYmls
aXR5IHdhcyBkaXNjb3ZlcmVkIGJ5Og0KICAgICogQW5vbnltb3VzDQoNCi0tIEFib3V0IHRoZSBa
ZXJvIERheSBJbml0aWF0aXZlIChaREkpOg0KRXN0YWJsaXNoZWQgYnkgVGlwcGluZ1BvaW50LCBU
aGUgWmVybyBEYXkgSW5pdGlhdGl2ZSAoWkRJKSByZXByZXNlbnRzIA0KYSBiZXN0LW9mLWJyZWVk
IG1vZGVsIGZvciByZXdhcmRpbmcgc2VjdXJpdHkgcmVzZWFyY2hlcnMgZm9yIHJlc3BvbnNpYmx5
DQpkaXNjbG9zaW5nIGRpc2NvdmVyZWQgdnVsbmVyYWJpbGl0aWVzLg0KDQpSZXNlYXJjaGVycyBp
bnRlcmVzdGVkIGluIGdldHRpbmcgcGFpZCBmb3IgdGhlaXIgc2VjdXJpdHkgcmVzZWFyY2gNCnRo
cm91Z2ggdGhlIFpESSBjYW4gZmluZCBtb3JlIGluZm9ybWF0aW9uIGFuZCBzaWduLXVwIGF0Og0K
DQogICAgaHR0cDovL3d3dy56ZXJvZGF5aW5pdGlhdGl2ZS5jb20NCg0KVGhlIFpESSBpcyB1bmlx
dWUgaW4gaG93IHRoZSBhY3F1aXJlZCB2dWxuZXJhYmlsaXR5IGluZm9ybWF0aW9uIGlzDQp1c2Vk
LiBUaXBwaW5nUG9pbnQgZG9lcyBub3QgcmUtc2VsbCB0aGUgdnVsbmVyYWJpbGl0eSBkZXRhaWxz
IG9yIGFueQ0KZXhwbG9pdCBjb2RlLiBJbnN0ZWFkLCB1cG9uIG5vdGlmeWluZyB0aGUgYWZmZWN0
ZWQgcHJvZHVjdCB2ZW5kb3IsDQpUaXBwaW5nUG9pbnQgcHJvdmlkZXMgaXRzIGN1c3RvbWVycyB3
aXRoIHplcm8gZGF5IHByb3RlY3Rpb24gdGhyb3VnaA0KaXRzIGludHJ1c2lvbiBwcmV2ZW50aW9u
IHRlY2hub2xvZ3kuIEV4cGxpY2l0IGRldGFpbHMgcmVnYXJkaW5nIHRoZQ0Kc3BlY2lmaWNzIG9m
IHRoZSB2dWxuZXJhYmlsaXR5IGFyZSBub3QgZXhwb3NlZCB0byBhbnkgcGFydGllcyB1bnRpbA0K
YW4gb2ZmaWNpYWwgdmVuZG9yIHBhdGNoIGlzIHB1YmxpY2x5IGF2YWlsYWJsZS4gRnVydGhlcm1v
cmUsIHdpdGggdGhlDQphbHRydWlzdGljIGFpbSBvZiBoZWxwaW5nIHRvIHNlY3VyZSBhIGJyb2Fk
ZXIgdXNlciBiYXNlLCBUaXBwaW5nUG9pbnQNCnByb3ZpZGVzIHRoaXMgdnVsbmVyYWJpbGl0eSBp
bmZvcm1hdGlvbiBjb25maWRlbnRpYWxseSB0byBzZWN1cml0eQ0KdmVuZG9ycyAoaW5jbHVkaW5n
IGNvbXBldGl0b3JzKSB3aG8gaGF2ZSBhIHZ1bG5lcmFiaWxpdHkgcHJvdGVjdGlvbiBvcg0KbWl0
aWdhdGlvbiBwcm9kdWN0Lg0KDQpPdXIgdnVsbmVyYWJpbGl0eSBkaXNjbG9zdXJlIHBvbGljeSBp
cyBhdmFpbGFibGUgb25saW5lIGF0Og0KDQogICAgaHR0cDovL3d3dy56ZXJvZGF5aW5pdGlhdGl2
ZS5jb20vYWR2aXNvcmllcy9kaXNjbG9zdXJlX3BvbGljeS8NCg0KQ09ORklERU5USUFMSVRZIE5P
VElDRTogVGhpcyBlLW1haWwgbWVzc2FnZSwgaW5jbHVkaW5nIGFueSBhdHRhY2htZW50cywNCmlz
IGJlaW5nIHNlbnQgYnkgM0NvbSBmb3IgdGhlIHNvbGUgdXNlIG9mIHRoZSBpbnRlbmRlZCByZWNp
cGllbnQocykgYW5kDQptYXkgY29udGFpbiBjb25maWRlbnRpYWwsIHByb3ByaWV0YXJ5IGFuZC9v
ciBwcml2aWxlZ2VkIGluZm9ybWF0aW9uLg0KQW55IHVuYXV0aG9yaXplZCByZXZpZXcsIHVzZSwg
ZGlzY2xvc3VyZSBhbmQvb3IgZGlzdHJpYnV0aW9uIGJ5IGFueSANCnJlY2lwaWVudCBpcyBwcm9o
aWJpdGVkLiAgSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlDQpk
ZWxldGUgYW5kL29yIGRlc3Ryb3kgYWxsIGNvcGllcyBvZiB0aGlzIG1lc3NhZ2UgcmVnYXJkbGVz
cyBvZiBmb3JtIGFuZA0KYW55IGluY2x1ZGVkIGF0dGFjaG1lbnRzIGFuZCBub3RpZnkgM0NvbSBp
bW1lZGlhdGVseSBieSBjb250YWN0aW5nIHRoZQ0Kc2VuZGVyIHZpYSByZXBseSBlLW1haWwgb3Ig
Zm9yd2FyZGluZyB0byAzQ29tIGF0IHBvc3RtYXN0ZXJAM2NvbS5jb20uIA0K