Vigil@nce: Informix Dynamic Server denial, of service via JDBC
October 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can use a long password in order to stop Informix
Dynamic Server.
Severity: 2/4
Consequences: denial of service of service
Provenance: intranet client
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 30/09/2009
IMPACTED PRODUCTS
– IBM Informix Dynamic Server
DESCRIPTION OF THE VULNERABILITY
A Java application can access to Informix Dynamic Server via JDBC
(Java DataBase Connectivity).
However, when the user enters a password longer than 512
characters, an assertion error or a fatal error stops the service.
An attacker can therefore use a long password in order to stop
Informix Dynamic Server.
CHARACTERISTICS
Identifiers: BID-36538, CVE-2009-3470, IC61195, VIGILANCE-VUL-9059
http://vigilance.fr/vulnerability/Informix-Dynamic-Server-denial-of-service-via-JDBC-9059