Troubleshooting
Problem
Two possible security vulnerabilities have been identified with the installation scripts for IBM® Informix® Dynamic Server (IDS), IBM® Informix® Client Software Development Kit (CSDK), and IBM® Informix® Connect.
Symptom
The two possible vulnerabilities are:
- The default permissions of the installation scripts could allow an unprivileged user to insert code which could compromise security during installation.
- The installation process creates temporary files in the /tmp directory. It is possible for a user with access to /tmp to link to these files and thereby compromise security.
The APARs reported for these defects are:
Product installer | Install script | APAR ID |
IBM® Informix® Connect | installconn |
[{"Product":{"code":"SSGU8G","label":"Informix Servers"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF015","label":"IRIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"}],"Version":"10.0","Edition":"Workgroup;Enterprise;Express","Line of Business":{"code":"LOB10","label":"Data and AI"}},{"Product":{"code":"SSGU8G","label":"Informix Servers"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Informix Client Software Development Kit (CSDK)","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF015","label":"IRIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"}],"Version":"10.0","Edition":"Workgroup;Enterprise;Express","Line of Business":{"code":"LOB10","label":"Data and AI"}},{"Product":{"code":"SSVT2J","label":"Informix Tools"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Informix Connect","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF015","label":"IRIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"}],"Version":"2.9","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}},{"Product":{"code":"SSVT2J","label":"Informix Tools"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":null,"Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF015","label":"IRIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"}],"Version":"2.9","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
20 January 2022
UID
swg21247438