Search criteria
12 vulnerabilities found for database_server by ingres
FKIE_CVE-2007-3336
Vulnerability from fkie_nvd - Published: 2007-06-22 18:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ingres | database_server | 2.5 | |
| ingres | database_server | 2.6 | |
| ingres | database_server | 9.0.4 | |
| ingres | database_server | r3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ingres:database_server:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5D23E67C-E964-4571-B6FA-DCC910FD2A7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingres:database_server:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D77591-A8B7-4BAE-9761-CEB5A739A9E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingres:database_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE10403-BEB4-4A63-BC0D-CC5803584F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingres:database_server:r3:*:*:*:*:*:*:*",
"matchCriteriaId": "01A77427-8C8D-4ABD-8502-F40D704B5F8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple \"pointer overwrite\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades \"pointer overwrite\" en Ingres database server 2006 versiones 9.0.4, r3, 2.6 y 2.5, tal como se usa en varios productos de CA (anteriormente Computer Associates), permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario mediante el env\u00edo de ciertos datos TCP en diferentes momentos hacia Ingres Communications Server Process (iigcc), que llama a las funciones (1) QUinsert o (2) QUremove con entrada controlada por el atacante."
}
],
"id": "CVE-2007-3336",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-22T18:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37486"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25756"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25775"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"source": "cve@mitre.org",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"source": "cve@mitre.org",
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24585"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-3337
Vulnerability from fkie_nvd - Published: 2007-06-22 18:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ingres | database_server | 2.5 | |
| ingres | database_server | 2.6 | |
| ingres | database_server | 9.0.4 | |
| ingres | database_server | r3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ingres:database_server:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5D23E67C-E964-4571-B6FA-DCC910FD2A7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingres:database_server:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D77591-A8B7-4BAE-9761-CEB5A739A9E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingres:database_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE10403-BEB4-4A63-BC0D-CC5803584F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingres:database_server:r3:*:*:*:*:*:*:*",
"matchCriteriaId": "01A77427-8C8D-4ABD-8502-F40D704B5F8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file."
},
{
"lang": "es",
"value": "El inicio (wakeup) en la base de datos Ingres server 2006 9.0.4, r3, 2.6 y 2.5, tal y como se usa en los productos CA (Computer Associates), permite a usuarios locales truncar ficheros de su elecci\u00f3n mediante un ataque symlink (de enlaces simb\u00f3licos) en el fichero alarmwkp.def."
}
],
"id": "CVE-2007-3337",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-22T18:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37485"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25756"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25775"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"source": "cve@mitre.org",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"source": "cve@mitre.org",
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451"
},
{
"source": "cve@mitre.org",
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/472200/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24585"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/472200/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2290"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-3338
Vulnerability from fkie_nvd - Published: 2007-06-22 18:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ingres | database_server | 2.5 | |
| ingres | database_server | 2.6 | |
| ingres | database_server | 9.0.4 | |
| ingres | database_server | r3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ingres:database_server:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5D23E67C-E964-4571-B6FA-DCC910FD2A7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingres:database_server:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D77591-A8B7-4BAE-9761-CEB5A739A9E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingres:database_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE10403-BEB4-4A63-BC0D-CC5803584F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingres:database_server:r3:*:*:*:*:*:*:*",
"matchCriteriaId": "01A77427-8C8D-4ABD-8502-F40D704B5F8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en la regi\u00f3n stack de la memoria en Ingres database server 2006 versiones 9.0.4, r3, 2.6 y 2.5, tal como se usa en varios productos de CA (Computer Associates), permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de las funciones (1) uuid_from_char o (2) duve_get_args."
}
],
"id": "CVE-2007-3338",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-22T18:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37483"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25756"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25775"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"source": "cve@mitre.org",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"source": "cve@mitre.org",
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"source": "cve@mitre.org",
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/472194/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/472197/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24585"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34995"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/472194/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/472197/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34995"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34998"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-3334
Vulnerability from fkie_nvd - Published: 2007-06-21 22:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | all_windows | * | |
| ca | etrust_secure_content_manager | 8.0 | |
| ingres | database_server | 3.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AB4B29F-4C60-48A0-8F58-BCBDC58B697E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB54A16-5E56-46FC-A49C-56C98C0B8F1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ingres:database_server:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B836C674-BF4F-4D60-AA33-D778B712D3A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer basados en mont\u00edculo en los componentes (1) Communications Server (iigcc.exe) y (2) Data Access Server (iigcd.exe) para el Ingres Database Server 3.0.3, como el utilizado en los productos del CA (Computer Associates) incluyendo el eTrust Secure Content Manager r8 bajo Windows, permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2007-3334",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-21T22:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37487"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37488"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25756"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25775"
},
{
"source": "cve@mitre.org",
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"source": "cve@mitre.org",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24585"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018278"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2007-3337 (GCVE-0-2007-3337)
Vulnerability from cvelistv5 – Published: 2007-06-22 18:00 – Updated: 2024-08-07 14:14
VLAI?
Summary
wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/"
},
{
"name": "37485",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37485"
},
{
"name": "20070625 Ingres wakeup setuid(ingres) file truncation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472200/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/"
},
{
"name": "37485",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37485"
},
{
"name": "20070625 Ingres wakeup setuid(ingres) file truncation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472200/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2288",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/"
},
{
"name": "37485",
"refsource": "OSVDB",
"url": "http://osvdb.org/37485"
},
{
"name": "20070625 Ingres wakeup setuid(ingres) file truncation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472200/100/0/threaded"
},
{
"name": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451"
},
{
"name": "24585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24585"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3337",
"datePublished": "2007-06-22T18:00:00",
"dateReserved": "2007-06-21T00:00:00",
"dateUpdated": "2024-08-07T14:14:12.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3338 (GCVE-0-2007-3338)
Vulnerability from cvelistv5 – Published: 2007-06-22 18:00 – Updated: 2024-08-07 14:14
VLAI?
Summary
Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070625 Ingres verifydb local stack overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472194/100/0/threaded"
},
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "ingres-uuidfromchar-bo(34995)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34995"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "ingres-duvegetargs-bo(34998)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34998"
},
{
"name": "20070625 Ingres stack overflow in uuid_from_char function",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472197/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "37483",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37483"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070625 Ingres verifydb local stack overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472194/100/0/threaded"
},
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "ingres-uuidfromchar-bo(34995)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34995"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "ingres-duvegetargs-bo(34998)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34998"
},
{
"name": "20070625 Ingres stack overflow in uuid_from_char function",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472197/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "37483",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37483"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070625 Ingres verifydb local stack overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472194/100/0/threaded"
},
{
"name": "ADV-2007-2288",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "ingres-uuidfromchar-bo(34995)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34995"
},
{
"name": "25756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "ingres-duvegetargs-bo(34998)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34998"
},
{
"name": "20070625 Ingres stack overflow in uuid_from_char function",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472197/100/0/threaded"
},
{
"name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "37483",
"refsource": "OSVDB",
"url": "http://osvdb.org/37483"
},
{
"name": "24585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24585"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3338",
"datePublished": "2007-06-22T18:00:00",
"dateReserved": "2007-06-21T00:00:00",
"dateUpdated": "2024-08-07T14:14:12.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3336 (GCVE-0-2007-3336)
Vulnerability from cvelistv5 – Published: 2007-06-22 18:00 – Updated: 2024-08-07 14:14
VLAI?
Summary
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-unspecified-code-execution(34993)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
},
{
"name": "ingres-pointer-code-execution(35000)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24585"
},
{
"name": "37486",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37486"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple \"pointer overwrite\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-unspecified-code-execution(34993)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
},
{
"name": "ingres-pointer-code-execution(35000)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24585"
},
{
"name": "37486",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37486"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple \"pointer overwrite\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2288",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-unspecified-code-execution(34993)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
},
{
"name": "ingres-pointer-code-execution(35000)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
},
{
"name": "24585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24585"
},
{
"name": "37486",
"refsource": "OSVDB",
"url": "http://osvdb.org/37486"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 1",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
},
{
"name": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
},
{
"name": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3336",
"datePublished": "2007-06-22T18:00:00",
"dateReserved": "2007-06-21T00:00:00",
"dateUpdated": "2024-08-07T14:14:12.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3334 (GCVE-0-2007-3334)
Vulnerability from cvelistv5 – Published: 2007-06-21 22:00 – Updated: 2024-08-07 14:14
VLAI?
Summary
Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
},
{
"name": "ingres-wakeup-privilege-escalation(35002)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "37488",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37488"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-communications-server-bo(34991)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"
},
{
"name": "37487",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37487"
},
{
"name": "1018278",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018278"
},
{
"name": "ingres-data-access-server-bo(34992)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
},
{
"name": "ingres-wakeup-privilege-escalation(35002)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "37488",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37488"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-communications-server-bo(34991)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"
},
{
"name": "37487",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37487"
},
{
"name": "1018278",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018278"
},
{
"name": "ingres-data-access-server-bo(34992)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2288",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
},
{
"name": "ingres-wakeup-privilege-escalation(35002)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"
},
{
"name": "25756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25775"
},
{
"name": "37488",
"refsource": "OSVDB",
"url": "http://osvdb.org/37488"
},
{
"name": "ADV-2007-2290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-communications-server-bo(34991)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"
},
{
"name": "37487",
"refsource": "OSVDB",
"url": "http://osvdb.org/37487"
},
{
"name": "1018278",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018278"
},
{
"name": "ingres-data-access-server-bo(34992)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"
},
{
"name": "24585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24585"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3334",
"datePublished": "2007-06-21T22:00:00",
"dateReserved": "2007-06-21T00:00:00",
"dateUpdated": "2024-08-07T14:14:12.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3337 (GCVE-0-2007-3337)
Vulnerability from nvd – Published: 2007-06-22 18:00 – Updated: 2024-08-07 14:14
VLAI?
Summary
wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/"
},
{
"name": "37485",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37485"
},
{
"name": "20070625 Ingres wakeup setuid(ingres) file truncation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472200/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/"
},
{
"name": "37485",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37485"
},
{
"name": "20070625 Ingres wakeup setuid(ingres) file truncation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472200/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2288",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/"
},
{
"name": "37485",
"refsource": "OSVDB",
"url": "http://osvdb.org/37485"
},
{
"name": "20070625 Ingres wakeup setuid(ingres) file truncation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472200/100/0/threaded"
},
{
"name": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451"
},
{
"name": "24585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24585"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3337",
"datePublished": "2007-06-22T18:00:00",
"dateReserved": "2007-06-21T00:00:00",
"dateUpdated": "2024-08-07T14:14:12.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3338 (GCVE-0-2007-3338)
Vulnerability from nvd – Published: 2007-06-22 18:00 – Updated: 2024-08-07 14:14
VLAI?
Summary
Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070625 Ingres verifydb local stack overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472194/100/0/threaded"
},
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "ingres-uuidfromchar-bo(34995)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34995"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "ingres-duvegetargs-bo(34998)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34998"
},
{
"name": "20070625 Ingres stack overflow in uuid_from_char function",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472197/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "37483",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37483"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070625 Ingres verifydb local stack overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472194/100/0/threaded"
},
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "ingres-uuidfromchar-bo(34995)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34995"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "ingres-duvegetargs-bo(34998)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34998"
},
{
"name": "20070625 Ingres stack overflow in uuid_from_char function",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472197/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "37483",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37483"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070625 Ingres verifydb local stack overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472194/100/0/threaded"
},
{
"name": "ADV-2007-2288",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "ingres-uuidfromchar-bo(34995)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34995"
},
{
"name": "25756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "ingres-duvegetargs-bo(34998)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34998"
},
{
"name": "20070625 Ingres stack overflow in uuid_from_char function",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472197/100/0/threaded"
},
{
"name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/"
},
{
"name": "37483",
"refsource": "OSVDB",
"url": "http://osvdb.org/37483"
},
{
"name": "24585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24585"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3338",
"datePublished": "2007-06-22T18:00:00",
"dateReserved": "2007-06-21T00:00:00",
"dateUpdated": "2024-08-07T14:14:12.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3336 (GCVE-0-2007-3336)
Vulnerability from nvd – Published: 2007-06-22 18:00 – Updated: 2024-08-07 14:14
VLAI?
Summary
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-unspecified-code-execution(34993)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
},
{
"name": "ingres-pointer-code-execution(35000)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24585"
},
{
"name": "37486",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37486"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple \"pointer overwrite\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-unspecified-code-execution(34993)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
},
{
"name": "ingres-pointer-code-execution(35000)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24585"
},
{
"name": "37486",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37486"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple \"pointer overwrite\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2288",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "25756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25775"
},
{
"name": "ADV-2007-2290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-unspecified-code-execution(34993)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
},
{
"name": "ingres-pointer-code-execution(35000)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
},
{
"name": "24585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24585"
},
{
"name": "37486",
"refsource": "OSVDB",
"url": "http://osvdb.org/37486"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 1",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
},
{
"name": "20070625 Ingres Unauthenticated Pointer Overwrite 2",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
},
{
"name": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
},
{
"name": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3336",
"datePublished": "2007-06-22T18:00:00",
"dateReserved": "2007-06-21T00:00:00",
"dateUpdated": "2024-08-07T14:14:12.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3334 (GCVE-0-2007-3334)
Vulnerability from nvd – Published: 2007-06-21 22:00 – Updated: 2024-08-07 14:14
VLAI?
Summary
Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:14:12.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
},
{
"name": "ingres-wakeup-privilege-escalation(35002)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "37488",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37488"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-communications-server-bo(34991)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"
},
{
"name": "37487",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37487"
},
{
"name": "1018278",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018278"
},
{
"name": "ingres-data-access-server-bo(34992)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-2288",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
},
{
"name": "ingres-wakeup-privilege-escalation(35002)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"
},
{
"name": "25756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25775"
},
{
"name": "37488",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37488"
},
{
"name": "ADV-2007-2290",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-communications-server-bo(34991)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"
},
{
"name": "37487",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37487"
},
{
"name": "1018278",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018278"
},
{
"name": "ingres-data-access-server-bo(34992)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"
},
{
"name": "24585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24585"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-2288",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2288"
},
{
"name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778",
"refsource": "CONFIRM",
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
},
{
"name": "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
},
{
"name": "ingres-wakeup-privilege-escalation(35002)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"
},
{
"name": "25756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25756"
},
{
"name": "25775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25775"
},
{
"name": "37488",
"refsource": "OSVDB",
"url": "http://osvdb.org/37488"
},
{
"name": "ADV-2007-2290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2290"
},
{
"name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
},
{
"name": "ingres-communications-server-bo(34991)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"
},
{
"name": "37487",
"refsource": "OSVDB",
"url": "http://osvdb.org/37487"
},
{
"name": "1018278",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018278"
},
{
"name": "ingres-data-access-server-bo(34992)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"
},
{
"name": "24585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24585"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3334",
"datePublished": "2007-06-21T22:00:00",
"dateReserved": "2007-06-21T00:00:00",
"dateUpdated": "2024-08-07T14:14:12.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}