Buffer Overflow Bugs Found in Informix Database Servers

Several versions of the popular Informix database server from IBM contain two buffer overflow vulnerabilities that could lead to remote code execution. The problems affect eight different versions of the server and are present on Informix installations on all supported platforms.

A researcher at IOActive discovered the vulnerabilities, which lie in Informix servers running 11.50 prior to and including 11.50.xC9W2 of the software, as well as versions 11.70 prior to 11.70.xC7. 

“IBM’s Informix database server contains two XML functions ‘genxmlqueryhdr’ and ‘genxmlquery’ that suffer from buffer overflow vulnerabilities. These issues are due to insufficient bounds checking of arguments passed to the functions. Successful exploitation may allow execution of arbitrary code or cause denial of service (DoS) against the instance,” researcher Ariel Matias Sanchez of IOActive wrote in his advisory on the Informix vulnerabilities.

There are a couple of mitigating factors that make exploitation of the vulnerabilities more difficult for attackers. Most importantly, an attacker would need valid credentials on the database server. The attacker also would need CONNECT privileges on the server.

Several versions of the IBM Informix server are affected by these vulnerabilities, including:

• IBM Informix Choice Edition
• IBM Informix Developer Edition
• IBM Informix Express Edition
• IBM Informix Growth Edition
• IBM Informix Growth Warehouse Edition
• IBM Informix Innovator-C Edition
• IBM Informix Ultimate Edition
• IBM Informix Ultimate Warehouse Edition

Users who are running vulnerable versions of the Informix server should upgrade to version 11.50.xC9W2, 11.70.xC7 or later.
