IBM Support

Possible security vulnerabilities with Informix Dynamic Server, CSDK, and I-Connect product installers

Troubleshooting


Problem

Two possible security vulnerabilities have been identified with the installation scripts for IBM® Informix® Dynamic Server (IDS), IBM® Informix® Client Software Development Kit (CSDK), and IBM® Informix® Connect.

Symptom

The two possible vulnerabilities are:

  • The default permissions of the installation scripts could allow an unprivileged user to insert code which could compromise security during installation.
  • The installation process creates temporary files in the /tmp directory. It is possible for a user with access to /tmp to link to these files and thereby compromise security.
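A pre-install check for both issues, added here as an example and not taken from IBM's installer or fix: it refuses an install script that a non-owner could have modified, and shows the unpredictable, owner-only temporary directory pattern that avoids link attacks in /tmp. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not IBM code). All function names are hypothetical.

# Succeeds only if PATH is NOT writable by group or other.
# POSIX find: -prune keeps the test on PATH itself without descending.
not_loosely_writable() {
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# audit_installer SCRIPT
# Returns 0 when the script is a regular file that only its owner can change.
# Non-zero codes: 2 missing, 3 symlink, 4 script writable, 5 parent dir writable.
audit_installer() {
    script=$1
    [ -e "$script" ] || { echo "missing: $script" >&2; return 2; }
    # A symlink could point at content controlled by someone else.
    [ ! -L "$script" ] || { echo "symlink: $script" >&2; return 3; }
    not_loosely_writable "$script" ||
        { echo "group/world-writable: $script" >&2; return 4; }
    # A writable parent directory lets the script be replaced outright.
    not_loosely_writable "$(dirname "$script")" ||
        { echo "parent directory writable: $script" >&2; return 5; }
    return 0
}

# private_workdir
# Prints the path of a new directory with an unpredictable name. mktemp -d
# creates it atomically with mode 0700, so another /tmp user can neither
# pre-create the name as a link nor plant files inside it.
private_workdir() {
    (umask 077 && mktemp -d "${TMPDIR:-/tmp}/install.XXXXXX")
}

# Usage sketch (run before starting an installer as a privileged user):
#   audit_installer ./installconn || exit 1
#   work=$(private_workdir) || exit 1
```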

The APARs reported for these defects are:

| Product installer | Install script | APAR ID |
|---|---|---|
| IBM® Informix® Connect | installconn | |


This document has the abstract of a technical article that is available to authorized users once you have logged on.

Document Information

Modified date:
20 January 2022

UID

swg21247438