iDefense Security Advisory 01.31.08 – Local exploitation of a file creation vulnerability in IBM Corp.’s Informix Dynamic Server allows attackers to elevate privileges to root. When the SQLIDEBUG environment variable is set, several set-uid binaries will log debugging information to the specified file. iDefense confirmed the existence of this vulnerability in IBM Corp.’s Informix Dynamic Server version 10.00 UC6TL installed on a Linux system. Other versions are also suspected as vulnerable. Versions for other supported Unix systems should also be considered vulnerable.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/63237/01.31.08-1.txt
Source: https://packetstormsecurity.com/files/63237/iDEFENSE-Security-Advisory-2008-01-31.1.html