Troubleshooting
Problem
Two possible security vulnerabilities have been identified with the installation scripts for IBM® Informix® Dynamic Server (IDS), IBM® Informix® Client Software Development Kit (CSDK), and IBM® Informix® Connect.
Symptom
The two possible vulnerabilities are:
- The default permissions of the installation scripts could allow an unprivileged user to insert code which could compromise security during installation.
- The installation process creates temporary files in the /tmp directory. It is possible for a user with access to /tmp to link to these files and thereby compromise security.
The APARs reported for these defects are:
Product installer | Install script | APAR ID |
IBM® Informix® Connect | installconn |
Environment
The following products and operating systems are affected:
Product Name | Product Version(s) | Hardware Vendor | Operating System |
IBM® Informix® Dynamic Server | 10.00 | All | Unix, Linux |
IBM® Informix® Client SDK | 2.90 | All | Unix, Linux |
IBM® Informix® Connect | 2.90 | All | Unix, Linux |
Resolving The Problem
These defects are planned to be addressed in:
Product | Platform | Version |
IBM® Informix® Dynamic Server | Solaris Opteron, Linux zSeries | 10.00.xC5R1 |
IBM® Informix® Dynamic Server | All others | 10.00.xC6 |
IBM® Informix® CSDK | All | 2.90.xC4R1 |
IBM® Informix® Connect | All | 2.90.xC4R1 |
When these versions are released, contact your local technical support office for an upgrade to the version in which the problem is addressed.
You can obtain current information about reported Informix APARs from any of the Informix Product Support Centers. To access one of the Informix Product Support Centers, visit the Informix Product Family Support page.
Important: To access APAR information, you must sign in using an IBM Registration ID. Your free ID is your single point of access to IBM web applications that use IBM Registration. If you are not currently registered, you can register now.
If you are interested in learning more about Authorized Program Analysis Reports, review the Technote: Informix APAR Information.
HOW TO AVOID THIS PROBLEM
- Change the permissions of the install script for your product to 755.
- Use the -log option when performing your product installation to redirect the temporary files created to a secure directory.
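The two workarounds above as a pre-install check. This is an added example, not IBM's code: the function names and the log-directory name are assumptions, and the installer invocation itself is left out because this page does not give the argument form of -log.

```shell
#!/bin/sh
# Added example: pre-install checks for the two workarounds above.
# Function names and the log-directory name are illustrative assumptions.

# True when path $1 has neither the group-write nor the other-write bit set.
no_shared_write() {
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# True when install script $1 is a regular file (not a symlink) that only its
# owner can modify, and its directory cannot be written by other users either
# (a writable directory would let the script be replaced outright).
script_is_locked_down() {
    [ -f "$1" ] && [ ! -L "$1" ] &&
        no_shared_write "$1" && no_shared_write "$(dirname "$1")"
}

# Workaround 1: set the install script to mode 755, then re-check it.
lock_down_script() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    chmod 755 "$1" && script_is_locked_down "$1"
}

# Workaround 2 (preparation): create a new directory under $1 that only the
# installing user can access, and print its path for use with -log.
# mkdir without -p fails if the name already exists, including as a symlink
# planted by another user, so an existing entry is never reused or followed.
make_private_log_dir() {
    dir="$1/ifx_install.$$"
    ( umask 077 && mkdir "$dir" ) || return 1
    printf '%s\n' "$dir"
}
```

Choose a parent for `make_private_log_dir` outside /tmp, such as the installing user's home directory, and pass the printed path to the installer's -log option in the form the product's installation guide specifies.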
Document Information
Modified date: 20 January 2022
UID: swg21247438