Informix Webdriver Local File Overwrite Vulnerability

A vulnerability exists in Informix Webdriver, a component of the popular Informix commercial database suite.

Webdriver reportedly uses insecure methods of temporary file creation.

Properly exploited, this can allow a malicious local user to successfully carry out a symlink attack, potentially overwriting arbitrary files owned or writeable by user 'nobody'. This can also permit defacement of websites where the affected HTML files are owned by user 'nobody'.

Further technical details of the vulnerability are not known.


 

Privacy Statement
Copyright 2010, SecurityFocus