All the vulnerabilities related to ingres - ingres
var-200808-0315
Vulnerability from variot

Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport.

Ingres Database is prone to multiple local vulnerabilities:

- Multiple local privilege-escalation vulnerabilities
- A vulnerability that may allow attackers to overwrite arbitrary files.

Local attackers can exploit these issues to gain elevated privileges on the affected computer, execute arbitrary code with superuser privileges, and overwrite arbitrary files owned by 'Ingres' user.

iDefense Security Advisory 08.01.08
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 01, 2008

I. BACKGROUND

Ingres Database is a database server used in several Computer Associates' products. For example, CA Directory Service uses the Ingres Database server. More information can be found on the vendor's website at the following URL.

http://ingres.com/downloads/prod-cert-download.php

II.

The vulnerability exists within the "libbecompat" library that is used by several of the set-uid "ingres" utilities included with Ingres. When copying a user supplied environment variable into a fixed-size stack buffer, the library fails to check the length of the source string.

III. By itself, this vulnerability does not have very serious consequences.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in Ingres 2006 Enterprise Edition Release 2 for Linux x86 (32-bit). Other versions may also be affected.

V. WORKAROUND

iDefense is currently unaware of any workaround for this issue.

VI. VENDOR RESPONSE

"This problem has been identified and resolved by Ingres in the following releases: Ingres 2006 release 2 (9.1.0), Ingres 2006 release 1 (9.0.4), and Ingres 2.6."

For more information, refer to Ingres' advisory at the following URL.

http://www.ingres.com/support/security-alert-080108.php

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-3389 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

07/20/2007 Initial vendor response
07/23/2007 Initial vendor notification
08/01/2008 Coordinated public disclosure

IX. CREDIT

The discoverer of this vulnerability wishes to remain anonymous.


X. LEGAL NOTICES

Copyright © 2008 iDefense, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Title: CA Products That Embed Ingres Multiple Vulnerabilities

CA Advisory Date: 2008-08-01

Reported By: iDefense Labs

Impact: A remote attacker can execute arbitrary code, gain privileges, or cause a denial of service condition.

Summary: CA products that embed Ingres contain multiple vulnerabilities that can allow a remote attacker to execute arbitrary code, gain privileges, or cause a denial of service condition. These vulnerabilities exist in the products and on the platforms listed below. These vulnerabilities do not impact any Windows-based Ingres installation. The first vulnerability, CVE-2008-3356, allows an unauthenticated attacker to potentially set the user and/or group ownership of a verifydb log file to be Ingres allowing read/write permissions to both. The third vulnerability, CVE-2008-3389, allows an unauthenticated attacker to obtain ingres user privileges. However, when combined with the unsecured directory privileges vulnerability (CVE-2008-3357), root privileges can be obtained.

Mitigating Factors: These vulnerabilities do not impact any Windows-based Ingres installation.

Severity: CA has given these vulnerabilities a High risk rating.

Affected Products:

Admin r8.1 SP2
Advantage Data Transformer r2.2
Allfusion Harvest Change Manager r7.1
CA ARCserve Backup for Unix r11.1, r11.5 GA/SP1/SP2/SP3
CA ARCserve Backup for Linux r11.1, r11.5 GA/SP1/SP2/SP3
CA Directory r8.1
CA Job Management Option R11.0
CA Single Sign-On r8.1
CleverPath Aion BPM r10.1, r10.2
EEM 8.1, 8.2, 8.2.1
eTrust Audit/SCC 8.0 sp2
Identity Manager r12
NSM 3.0 0305, 3.1 0403, r3.1 SP1 0703, r11
Unicenter Asset Management r11.1, r11.2
Unicenter Remote Control r11.2
Unicenter Service Catalog r2.2, r11.1
Unicenter Service Metric Analysis r11.1
Unicenter ServicePlus Service Desk 6.0, r11, r11.1, r11.2
Unicenter Software Delivery r11.1, r11.2
Unicenter Workload Control Center r11

Affected Platforms:

1. Ingres verifydb file create permission override (CVE-2008-3356)
   This vulnerability impacts all platforms except Windows.
2. Ingres un-secure directory privileges with utility ingvalidpw (CVE-2008-3357)
   This vulnerability impacts only Linux and HP platforms.
3. Ingres verifydb, iimerge, csreport buffer overflow (CVE-2008-3389)
   This vulnerability impacts only Linux and HP platforms.

Status and Recommendation: The most prudent course of action for affected customers is to download and apply the corrective maintenance. However, updates are provided only for the following releases: 2.6 and r3.

Important: Customers using products that embed an earlier version of Ingres r3 should upgrade Ingres to the release that is currently supported (3.0.3/103 on Linux and 3.0.3/211 on UNIX platforms) before applying the maintenance updates. Please contact your product's Technical Support team for more information.

For these products:

Admin r8.1 SP2
CA ARCserve Backup for Linux r11.5 SP2/SP3
CA Directory r8.1
CA Job Management Option R11.0
CA Single Sign-On r8.1
EEM 8.2
EEM 8.2.1
Identity Manager r12
NSM r11
Unicenter Asset Management r11.1
Unicenter Asset Management r11.2
Unicenter Remote Control r11.2
Unicenter Service Catalog r11.1
Unicenter Service Metric Analysis r11.1
Unicenter ServicePlus Service Desk r11
Unicenter ServicePlus Service Desk r11.1
Unicenter ServicePlus Service Desk r11.2
Unicenter Software Delivery r11.1
Unicenter Software Delivery r11.2
Unicenter Workload Control Center r11

Apply the update below that is listed for your platform (note that URLs may wrap):

AIX [3.0.3 (r64.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12833-r64-us5.tar.z

HP-UX Itanium [3.0.3 (i64.hpu/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12831-i64-hpu.tar.z

HP-UX RISC [3.0.3 (hp2.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12830-hp2-us5.tar.z

Linux AMD [3.0.3 (a64.lnx/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12835-a64-lnx.tar.z

Linux Intel 32bit [3.0.3 (int.lnx/103)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.103.12836-int-lnx.tar.z

Linux Itanium [3.0.3 (i64.lnx/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12838-i64-lnx.tar.z

Solaris SPARC [3.0.3 (su9.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12834-su9-us5.tar.z

Solaris x64/x86 [3.0.3 (a64.sol/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12832-a64-sol.tar.z

Ingres r3 Vulnerability Updates Install Steps (August 1, 2008)

Unix/Linux:

1. Log on to your system using the installation owner account and make sure the environment is set up correctly:
   1. II_SYSTEM must be set to the Ingres system files
   2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility directories.
2. Change directory to the root directory of the Ingres installation or use a previously created directory.
       cd $II_SYSTEM/ingres
   or
       cd
3. Copy the download maintenance update file in to the current directory and uncompress
4. Read in the update file with the following commands:
       umask 022
       tar xf [update_file]
   This will create the directory:
       $II_SYSTEM/ingres/patchXXXXX
   or
       /patchXXXXX
   Note: 'XXXXX' in patchXXXXX refers to the update number
5. Stop all Ingres processes with the 'ingstop' utility:
       ingstop
6. Change directory to the patch directory:
       cd patchXXXXX
7. Within the patch directory run the following command:
       ./utility/iiinstaller
   Please check the $II_SYSTEM/ingres/files/patch.log file to make sure the patch was applied successfully. Also check the $II_SYSTEM/ingres/version.rel to make sure the patch is referenced.
   Note: The patch can also be installed silently using the '-m' flag with iiinstaller:
       ./utility/iiinstaller -m
8. Once the patch install has been complete, re-link the iimerge binary with the following command:
       iilink
9. Ingres can then be restarted with the 'ingstart' utility:
       ingstart

For these products:

Advantage Data Transformer r2.2
Allfusion Harvest Change Manager r7.1
ARCserve for Linux r11.5 GA/SP1
CleverPath Aion BPM r10.1
CleverPath Aion BPM r10.2

Apply the build below that is listed for your platform (note that URLs may wrap):

AIX ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12833-r64-us5.tar

HP-UX Itanium ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12831-i64-hpu.tar

HP-UX RISC ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12830-hp2-us5.tar

Linux AMD EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-x86_64.tar.gz

Linux AMD II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-x86_64.tgz

Linux Intel EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-EI-linux-i386.tgz

Linux Intel II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-pc-linux-i386.tgz

Linux Itanium EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-ia64.tar.gz

Linux Itanium II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-ia64.tgz

Solaris SPARC ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12834-su9-us5.tar

Solaris x64/x86 ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12832-a64-sol.tar

Ingres r3 Build Install Steps (August 1, 2008)

Important: Prior to installing the build, a full operating system backup of the $II_SYSTEM/ingres directory on Unix/Linux and %II_SYSTEM%\ingres directory on Windows must be taken with Ingres completely shut down. Also, a backup of any other DATA locations that you may have must be taken, again with Ingres shut down. In case there is a problem with the update install, this allows Ingres to be restored from the backup.

Unix:

1. Log in to the system as the installation owner and make sure the environment is set up correctly:
   1. II_SYSTEM must be set to the Ingres home directory
   2. PATH must include $II_SYSTEM/ingres/bin and $II_SYSTEM/ingres/utility directories
   3. Add $II_SYSTEM/ingres/lib to the shared library path
   4. Set TERM to 'vt100' and TERM_INGRES to 'vt100fx'
2. Copy the downloaded update file to the /tmp directory and uncompress
3. Read in the update file with the following commands:
       umask 022
       tar xf [update_file]
   This creates a directory containing the distribution and other files.
4. Stop all applications that may be connected to or using any of the files in the Ingres instance.
5. Stop all Ingres processes with the 'ingstop' utility:
       ingstop
6. Important: Take an operating system backup of the $II_SYSTEM/ingres directory and other DATA locations that you may have elsewhere. Also, copy the $II_SYSTEM/ingres/files/config.dat and $II_SYSTEM/ingres/files/symbol.tbl files to a safe location to ensure that the configuration can be restored.
7. From the root directory of the Ingres installation ($II_SYSTEM/ingres), run the following command:
       tar xf /tmp//ingres.tar install
8. Run the following command:
       install/ingbuild
9. The initial install screen appears.
10. In the Distribution medium enter the full path to the 'ingres.tar' file (including the file) (See step 4).
11. Choose PackageInstall from the list of installation options and then choose 'Stand alone DBMS Server' from the list of packages. Then choose ExpressInstall.
12. Choose Yes in the pop-up screen and press Enter key. The install utility verifies that each component was transferred properly from the distribution medium. When this is finished (without errors), another pop-up screen for setting up the components comes up.
13. Select Yes and press Enter key to go to the Setup program.
14. Once the installation is complete, check the $II_SYSTEM/ingres/files/install.log for any errors. Also, check the $II_SYSTEM/ingres/version.rel file to verify the new build is referenced; this should show 3.0.3 for the build.
15. If there are no errors, then restore the $II_SYSTEM/ingres/files/config.dat and $II_SYSTEM/ingres/files/symbol.tbl files from the copies made in step 6 to replace the existing files.
16. Start Ingres using the 'ingstart' utility:
       ingstart
17. Upgrade the databases in the installation to the new release level:
       upgradedb -all

Linux:

1. Log on to the machine as 'root'.
2. Copy the downloaded build update file to a previously chosen directory and uncompress.
3. Read in the update file with the following command:
       tar xf [update file]
   This creates a directory containing rpm packages for all of the Ingres tools.
4. Shut down any non-Ingres application(s) that may be connected to or using any of the files in the specified Ingres instance.
5. Stop all Ingres processes with the 'ingstop' utility:
       ingstop
6. Important: Take an operating system backup of the $II_SYSTEM/ingres directory and other DATA locations that you may have elsewhere.
7. From the directory that was created in step 3, install the update rpms with the following command:
       rpm -Uvh *.rpm
   If the following error is seen for either the 'ca-ingres-documentation-3.0.3-103', the 'ca-ingres-CATOSL-3.0.3-103' or the 'ca-cs-utils-11.0.04348-0000' (or all of them) packages, remove them from the directory containing the rpms and re-run the above command:
       package is already installed
8. If the installation finishes successfully, then log on as 'ingres' to the machine and start Ingres using the 'ingstart' utility:
       ingstart
9. Upgrade 'mdb' database with the following command:
       upgradedb -all

For these products:

CA ARCserve Backup for Unix r11.1
CA ARCserve Backup for Unix r11.5 GA/SP1/SP2
CA ARCserve Backup for Unix r11.5 SP3
CA ARCserve Backup for Linux r11.1
EEM 8.1
eTrust Audit/SCC 8.0 sp2
NSM 3.0 0305
NSM 3.1 0403
NSM r3.1 SP1 0703
Unicenter Service Catalog r2.2
Unicenter ServicePlus Service Desk 6.0

Apply the update below that is listed for your platform (note that URLs may wrap):

AIX 32bit [2.6/xxxx (rs4.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12718.tar.Z

AIX 64bit [2.6/xxxx (r64.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12798.tar.Z

HP-UX with ARCserve 11.1 or 11.5/GA/SP1/SP2/SP3 https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277&os=HP&actionID=3

HP-UX Itanium [2.6/xxxx (i64.hpu/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12748.tar.Z

HP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12742.tar.Z

HP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12888.tar.Z

HP-UX RISC 64bit [2.6/xxxx (hp2.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12749.tar.Z

HP Tru64 UNIX [2.6/xxxx (axp.osf/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12676.tar.Z

Linux AMD64 [2.6/xxxx (a64.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12809.tar.Z

Linux Intel 32bit [2.6/xxxx (int.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12645.tar.Z

Linux Intel 32bit [2.6/xxxx (int.lnx/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12647.tar.Z

Linux Intel 32bit [2.6/xxxx (int.lnx/00)LFS] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12646.tar.Z

Linux Itanium [2.6/xxxx (i64.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12648.tar.Z

Linux S/390 [2.6/xxxx (ibm.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12877.tar.Z

Solaris SPARC 32bit [2.6/xxxx (su4.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12713.tar.Z

Solaris SPARC 32bit double [2.6/xxxx (su4.us5/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12879.tar.Z

Solaris SPARC 64bit [2.6/xxxx (su9.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12751.tar.Z

Ingres 2.6 Vulnerability Updates Install Steps (August 1, 2008)

Unix/Linux:

1. Log on to your system using the installation owner account and make sure the environment is set up correctly:
   1. II_SYSTEM must be set to the Ingres system files
   2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility directories.
2. Change directory to the root directory of the Ingres installation or use a previously created directory.
       cd $II_SYSTEM/ingres
   or
       cd
3. Copy the download maintenance update file in to the current directory and uncompress
4. Read in the update file with the following commands:
       umask 022
       tar xf [update_file]
   This will create the directory:
       $II_SYSTEM/ingres/patchXXXXX
   or
       /patchXXXXX
   Note: 'XXXXX' in patchXXXXX refers to the update number
5. Stop all Ingres processes with the 'ingstop' utility:
       ingstop
6. Change directory to the patch directory:
       cd patchXXXXX
7. Within the patch directory run the following command:
       ./utility/iiinstaller
   Please check the $II_SYSTEM/ingres/files/patch.log file to make sure the patch was applied successfully. Also check the $II_SYSTEM/ingres/version.rel to make sure the patch is referenced.
   Note: The patch can also be installed silently using the '-m' flag with iiinstaller:
       ./utility/iiinstaller -m
8. Once the patch install has been complete, re-link the iimerge binary with the following command:
       iilink
9. Ingres can then be restarted with the 'ingstart' utility:
       ingstart

How to determine if you are affected:

For these products:

Admin r8.1 SP2
ARCserve for Linux r11.5 SP2/SP3
CA Directory r8.1
CA Job Management Option R11.0
CA Single Sign-On r8.1
EEM 8.2
EEM 8.2.1
Identity Manager r12
NSM r11
Unicenter Asset Management r11.1
Unicenter Asset Management r11.2
Unicenter Remote Control r11.2
Unicenter Service Catalog r11.1
Unicenter Service Metric Analysis r11.1
Unicenter ServicePlus Service Desk r11
Unicenter ServicePlus Service Desk r11.1
Unicenter ServicePlus Service Desk r11.2
Unicenter Software Delivery r11.1
Unicenter Software Delivery r11.2
Unicenter Workload Control Center r11

The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel: UNIX or Linux: cat version.rel

The release identifier will be as follows:

Operating System          Release identifier
HP Sparc 32/64bit         II 3.0.3 (hp2.us5/211)
HP Itanium                II 3.0.3 (i64.hpu/211)
Intel Solaris 32/64bit    II 3.0.3 (a64.sol/211)
AIX 32/64bit              II 3.0.3 (r64.us5/211)
Solaris 32/64bit          II 3.0.3 (su9.us5/211)
AMD Linux                 II 3.0.3 (a64.lnx/211)
Intel Linux               II 3.0.3 (int.lnx/103)
Itanium Linux             II 3.0.3 (i64.lnx/211)

Notes:

1. You would need to install the Ingres build instead of the patch if either of the following is true:
   1. If the Ingres release for your platform is not 3.0.3 in the release identifier or
   2. The Ingres release is 3.0.3 but the build level is not 103 for Linux and 211 for all the Unix platforms.
   If either of the above is true then download and apply the latest build for your operating system(s).
2. If the OS platform you are running Ingres on is not listed, please contact Technical Support.

For these products:

Advantage Data Transformer r2.2
Allfusion Harvest Change Manager r7.1
ARCserve for Linux r11.5 GA/SP1
CleverPath Aion BPM r10.1
CleverPath Aion BPM r10.2

The maintenance updates are provided for the latest r3 builds supported by CA which are 3.0.3/103 (Linux) and 3.03/211 (UNIX platforms). If the build embedded is earlier than 3.0.3, it has to be upgraded to 3.0.3 to fix the vulnerabilities.

The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel: UNIX or Linux: cat version.rel

The release identifier will be as follows:

Operating System          Release identifier
HP Sparc 32/64bit         II 3.0.3 (hp2.us5/211)
HP Itanium                II 3.0.3 (i64.hpu/211)
Intel Solaris 32/64bit    II 3.0.3 (a64.sol/211)
AIX 32/64bit              II 3.0.3 (r64.us5/211)
Solaris 32/64bit          II 3.0.3 (su9.us5/211)
AMD Linux                 II 3.0.3 (a64.lnx/211)
Intel Linux               II 3.0.3 (int.lnx/103)
Itanium Linux             II 3.0.3 (i64.lnx/211)

Important: For Linux (AMD, Intel and Itanium) platforms, after applying the build provided on this page, please download and apply the maintenance update. For the other platforms, the builds are patched to the latest maintenance update.

Note:

1. If the release you are using is already 3.0.3 build 103 on Linux and 3.0.3 build 211 on Unix, then download and install the maintenance update.
2. If the OS platform you are running Ingres on is not listed, please contact Technical Support.

For these products:

CA ARCserve Backup for Unix r11.1
CA ARCserve Backup for Unix r11.5 GA/SP1/SP2
CA ARCserve Backup for Unix r11.5 SP3
CA ARCserve Backup for Linux r11.1
EEM 8.1
eTrust Audit/SCC 8.0 sp2
NSM 3.0 0305
NSM 3.1 0403
NSM r3.1 SP1 0703
Unicenter Service Catalog r2.2
Unicenter ServicePlus Service Desk 6.0

The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel: UNIX or Linux: cat version.rel

The release identifier will be as follows:

Operating System              Release identifier
AIX 32bit                     II 2.6/xxxx (rs4.us5/00)
AIX 64bit                     II 2.6/xxxx (r64.us5/00)
HP-UX Itanium                 II 2.6/xxxx (i64.hpu/00)
HP-UX RISC 32bit              II 2.6/xxxx (hpb.us5/00)
HP-UX RISC 32bit              II 2.6/xxxx (hpb.us5/00)DBL
HP-UX RISC 64bit              II 2.6/xxxx (hp2.us5/00)
HP Tru64 UNIX                 II 2.6/xxxx (axp.osf/00)
Linux AMD64                   II 2.6/xxxx (a64.lnx/00)
Linux Intel 32bit             II 2.6/xxxx (int.lnx/00)
Linux Intel 32bit             II 2.6/xxxx (int.lnx/00)DBL
Linux Intel 32bit             II 2.6/xxxx (int.lnx/00)LFS
Linux Itanium                 II 2.6/xxxx (i64.lnx/00)
Linux S/390                   II 2.6/xxxx (ibm.lnx/00)
Solaris SPARC 32bit           II 2.6/xxxx (su4.us5/00)
Solaris SPARC 32bit double    II 2.6/xxxx (su4.us5/00)DBL
Solaris SPARC 64bit           II 2.6/xxxx (su9.us5/00)

Note:

1. If the Ingres release embedded in your product is not 2.6, please get the appropriate update here.
2. If the OS platform you are running Ingres on is not listed, please contact Technical Support.
3. For HP-UX platform with CA ARCserve Backup 11.1 or 11.5/GA/SP1/SP2/SP3, download the published ARCserve fix, RO01277:
   https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277&os=HP&actionID=3
   and follow the enclosed instructions to install the security patch.
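The release-identifier tables and notes above amount to a lookup on the identifier line of version.rel, which can be scripted for a fleet of hosts. The sketch below is an added example, not part of the CA advisory: the function names, the result labels and the sample identifiers are constructed for illustration, and it assumes the identifier is the first line of version.rel that begins with "II". Where the notes ("103 for Linux") and the table (a64.lnx/211, i64.lnx/211) differ, it follows the table.

```shell
#!/bin/sh
# Added example: triage an Ingres release identifier against the tables in the
# CA advisory. Function names and result labels are hypothetical.
#
# classify_release "<identifier line>" prints one of:
#   apply-r3-update   3.0.3 at the listed build level: apply the maintenance update
#   install-r3-build  r3 on a listed platform but another release or build level:
#                     install the 3.0.3 build (the advisory adds that, for the
#                     build-only product group on Linux, the maintenance update
#                     is applied after the build)
#   apply-2.6-update  2.6 on a listed platform: apply the 2.6 update
#   contact-support   platform is not in the advisory's tables
#   not-covered       release is neither 2.6 nor r3 (3.x)
#   unparsed          not of the form "II <release> (<platform>/<build>)"
classify_release() {
    line=$1
    # BRE: "(" and ")" are literal, "\(...\)" are capture groups.
    pat='^II \([^ ]*\) (\([^/]*\)/\([0-9]*\)).*$'
    release=$(printf '%s\n' "$line" | sed -n "s|$pat|\1|p")
    platform=$(printf '%s\n' "$line" | sed -n "s|$pat|\2|p")
    build=$(printf '%s\n' "$line" | sed -n "s|$pat|\3|p")

    [ -n "$release" ] || { echo unparsed; return 0; }

    case $release in
    3.*)
        # Build level expected for each platform in the r3 table.
        case $platform in
        int.lnx) want=103 ;;
        hp2.us5|i64.hpu|a64.sol|r64.us5|su9.us5|a64.lnx|i64.lnx) want=211 ;;
        *) echo contact-support; return 0 ;;
        esac
        if [ "$release" = 3.0.3 ] && [ "$build" = "$want" ]; then
            echo apply-r3-update
        else
            echo install-r3-build
        fi
        ;;
    2.6|2.6/*)
        # Platforms in the 2.6 table; DBL/LFS suffixes are ignored here and
        # only matter when choosing which 2.6 patch file to download.
        case $platform in
        rs4.us5|r64.us5|i64.hpu|hpb.us5|hp2.us5|axp.osf|a64.lnx|int.lnx|i64.lnx|ibm.lnx|su4.us5|su9.us5)
            echo apply-2.6-update ;;
        *)
            echo contact-support ;;
        esac
        ;;
    *)
        echo not-covered
        ;;
    esac
}

# check_version_rel <path>: classify the first "II ..." line of a version.rel
# file (normally $II_SYSTEM/ingres/version.rel). Later lines, such as patch
# numbers recorded after an update, are ignored.
check_version_rel() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    classify_release "$(sed -n '/^II /{p;q;}' "$1")"
}

# Constructed sample identifiers, not taken from a real installation.
for sample in \
    'II 3.0.3 (int.lnx/103)' \
    'II 3.0.3 (int.lnx/101)' \
    'II 3.0.1 (su9.us5/104)' \
    'II 2.6/0000 (hpb.us5/00)DBL'
do
    printf '%-30s -> %s\n' "$sample" "$(classify_release "$sample")"
done
```

On a host with Ingres installed, `check_version_rel "$II_SYSTEM/ingres/version.rel"` gives the same classification for the live installation.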

Workaround: None

References (URLs may wrap):

CA Support:
http://support.ca.com/
Security Notice for CA Products That Embed Ingres
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989
Solution Document Reference APARs:
RO01277 (ARCserve only)
CA Security Response Blog posting:
CA Products That Embed Ingres Multiple Vulnerabilities
community.ca.com/blogs/casecurityresponseblog/archive/2008/08/06.aspx
Reported By: iDefense Labs
Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731
Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732
Ingres Database for Linux ingvalidpw Untrusted Library Path Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733
Ingres Security Vulnerability Announcement as of August 01, 2008
http://www.ingres.com/support/security-alert-080108.php
CVE References:
CVE-2008-3356 - Ingres verifydb file create permission override.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3356
CVE-2008-3357 - Ingres un-secure directory privileges with utility ingvalidpw.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3357
CVE-2008-3389 - Ingres verifydb, iimerge, csreport buffer overflow.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3389
OSVDB References: Pending
http://osvdb.org/

Changelog for this advisory: v1.0 - Initial Release

Customers who require additional information should contact CA Technical Support at http://support.ca.com.

For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your findings to our product security response team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782

Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research

CA, 1 CA Plaza, Islandia, NY 11749

Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2008 CA. All rights reserved. ----------------------------------------------------------------------



TITLE: Ingres Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA31357

VERIFY ADVISORY: http://secunia.com/advisories/31357/

CRITICAL: Less critical

IMPACT: Privilege escalation

WHERE: Local system

SOFTWARE:
Ingres 2.x
http://secunia.com/product/14576/
Ingres 2006 (9.x)
http://secunia.com/product/14574/

DESCRIPTION: Some vulnerabilities have been reported in Ingres, which can be exploited by malicious, local users to gain escalated privileges.

1) An error exists in the "verifydb" utility due to improperly changing permissions on files and having the setuid-bit set (owned by the "ingres" user). via a specially crafted environmental variable.

3) An error exists within the "ingvalidpw" utility due to being setuid "root" and loading shared libraries from a directory owned by the "ingres" user.

SOLUTION: The vendor has issued fixes. Please see the knowledge base document (customer login required). http://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:416012+HTMPL=kt_document_view.htmpl

PROVIDED AND/OR DISCOVERED BY: An anonymous researcher, reported via iDefense.

ORIGINAL ADVISORY: Ingres: http://www.ingres.com/support/security-alert-080108.php

iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733




{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200808-0315",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ingres",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "ingres",
        "version": "2.6"
      },
      {
        "model": "ingres",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ingres",
        "version": "2006"
      },
      {
        "model": "ingres",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ingres",
        "version": "2006 release 1"
      },
      {
        "model": "ingres",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ingres",
        "version": "and  2006 release 2"
      },
      {
        "model": "hp-ux",
        "scope": null,
        "trust": 0.6,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingres",
        "version": "20069.1"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingres",
        "version": "20069.0.4"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingres",
        "version": "20060"
      },
      {
        "model": "associates unicenter software delivery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.2"
      },
      {
        "model": "associates unicenter software delivery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.0"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.2"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter service metric analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter service catalog",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.2"
      },
      {
        "model": "associates unicenter service catalog",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.2"
      },
      {
        "model": "associates unicenter asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.2"
      },
      {
        "model": "associates unicenter asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates single sign-on",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates nsm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "0"
      },
      {
        "model": "associates job management option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "12"
      },
      {
        "model": "associates etrust audit/scc sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "model": "associates eem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.2.1"
      },
      {
        "model": "associates eem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.2"
      },
      {
        "model": "associates eem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates directory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates cleverpath aion bpm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.2"
      },
      {
        "model": "associates cleverpath aion bpm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.1"
      },
      {
        "model": "associates ca arcserve backup for unix ga",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for unix sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for unix sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for unix ga",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for unix sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for unix sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for unix sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for linux sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for linux sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for linux sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for linux ga",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for linux sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for linux sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for linux sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for linux ga",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates advantage data transformer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.2"
      },
      {
        "model": "associates admin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "30512"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004693"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3389"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-050"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ingres:ingres:2006:9.0.4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ingres:ingres:2006:9.1.0:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3389"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "iDEFENSE",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-050"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-3389",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2008-3389",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-3389",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200808-050",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004693"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3389"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-050"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport. Ingres Database is prone to multiple local vulnerabilities:\n- Multiple local privilege-escalation vulnerabilities\n- A vulnerability that may allow attackers to overwrite arbitrary files. \nLocal attackers can exploit these issues to gain elevated privileges on the affected computer, execute arbitrary code with superuser privileges, and overwrite arbitrary files owned by \u0027Ingres\u0027 user. iDefense Security Advisory 08.01.08\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nAug 01, 2008\n\nI. BACKGROUND\n\nIngres Database is a database server used in several Computer\nAssociates\u0027 products. For example, CA Directory Service uses the Ingres\nDatabase server. More information can be found on the vendor\u0027s website\nat the following URL. \n\nhttp://ingres.com/downloads/prod-cert-download.php\n\nII. \n\nThe vulnerability exists within the \"libbecompat\" library that is used\nby several of the set-uid \"ingres\" utilities included with Ingres. When\ncopying a user supplied environment variable into a fixed-size stack\nbuffer, the library fails to check the length of the source string. \n\nIII. By itself,\nthis vulnerability does not have very serious consequences. \n\nIV. DETECTION\n\niDefense has confirmed the existence of this vulnerability in Ingres\n2006 Enterprise Edition Release 2 for Linux x86 (32-bit). Other\nversions may also be affected. \n\nV. WORKAROUND\n\niDefense is currently unaware of any workaround for this issue. \n\nVI. 
VENDOR RESPONSE\n\n\"This problem has been identified and resolved by Ingres in the\nfollowing releases: Ingres 2006 release 2 (9.1.0), Ingres 2006 release\n1 (9.0.4), and Ingres 2.6.\"\n\nFor more information, refer to Ingres\u0027 advisory at the following URL. \n\nhttp://www.ingres.com/support/security-alert-080108.php\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2008-3389 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n07/20/2007  Initial vendor response\n07/23/2007  Initial vendor notification\n08/01/2008  Coordinated public disclosure\n\nIX. CREDIT\n\nThe discoverer of this vulnerability wishes to remain anonymous. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \u00a9 2008 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information. 
\nTitle: CA Products That Embed Ingres Multiple Vulnerabilities\n\n\nCA Advisory Date: 2008-08-01\n\n\nReported By: iDefense Labs\n\n\nImpact: A remote attacker can execute arbitrary code, gain \nprivileges, or cause a denial of service condition. \n\n\nSummary: CA products that embed Ingres contain multiple \nvulnerabilities that can allow a remote attacker to execute \narbitrary code, gain privileges, or cause a denial of service \ncondition. These vulnerabilities exist in the products and on the \nplatforms listed below. These vulnerabilities do not impact any \nWindows-based Ingres installation. The first vulnerability, \nCVE-2008-3356, allows an unauthenticated attacker to potentially \nset the user and/or group ownership of a verifydb log file to be \nIngres allowing read/write permissions to both. The third \nvulnerability, CVE-2008-3389, allows an unauthenticated attacker \nto obtain ingres user privileges. However, when combined with the \nunsecured directory privileges vulnerability (CVE-2008-3357), root \nprivileges can be obtained. \n\n\nMitigating Factors: These vulnerabilities do not impact any \nWindows-based Ingres installation. \n\n\nSeverity: CA has given these vulnerabilities a High risk rating. 
\n\n\nAffected Products:\nAdmin r8.1 SP2\nAdvantage Data Transformer r2.2\nAllfusion Harvest Change Manager r7.1\nCA ARCserve Backup for Unix r11.1, r11.5 GA/SP1/SP2/SP3\nCA ARCserve Backup for Linux r11.1, r11.5 GA/SP1/SP2/SP3\nCA Directory r8.1\nCA Job Management Option R11.0\nCA Single Sign-On r8.1\nCleverPath Aion BPM r10.1, r10.2\nEEM 8.1, 8.2, 8.2.1\neTrust Audit/SCC 8.0 sp2\nIdentity Manager r12\nNSM 3.0 0305, 3.1 0403, r3.1 SP1 0703, r11\nUnicenter Asset Management r11.1, r11.2\nUnicenter Remote Control r11.2\nUnicenter Service Catalog r2.2, r11.1\nUnicenter Service Metric Analysis r11.1\nUnicenter ServicePlus Service Desk 6.0, r11, r11.1, r11.2\nUnicenter Software Delivery r11.1, r11.2\nUnicenter Workload Control Center r11\n\n\nAffected Platforms:\n1. Ingres verifydb file create permission override (CVE-2008-3356)\n   This vulnerability impacts all platforms except Windows. \n2. Ingres un-secure directory privileges with utility ingvalidpw \n   (CVE-2008-3357)\n   This vulnerability impacts only Linux and HP platforms. \n3. Ingres verifydb, iimerge, csreport buffer overflow \n   (CVE-2008-3389)\n   This vulnerability impacts only Linux and HP platforms. \n\n\nStatus and Recommendation:\nThe most prudent course of action for affected customers is to \ndownload and apply the corrective maintenance. However, updates \nare provided only for the following releases: 2.6 and r3\n\nImportant: Customers using products that embed an earlier version \nof Ingres r3 should upgrade Ingres to the release that is \ncurrently supported (3.0.3/103 on Linux and 3.0.3/211 on UNIX \nplatforms) before applying the maintenance updates. Please contact \nyour product\u0027s Technical Support team for more information. 
\n\nFor these products:\nAdmin r8.1 SP2\nCA ARCserve Backup for Linux r11.5 SP2/SP3\nCA Directory r8.1\nCA Job Management Option R11.0\nCA Single Sign-On r8.1\nEEM 8.2\nEEM 8.2.1\nIdentity Manager r12\nNSM r11\nUnicenter Asset Management r11.1\nUnicenter Asset Management r11.2\nUnicenter Remote Control r11.2\nUnicenter Service Catalog r11.1\nUnicenter Service Metric Analysis r11.1\nUnicenter ServicePlus Service Desk r11\nUnicenter ServicePlus Service Desk r11.1\nUnicenter ServicePlus Service Desk r11.2\nUnicenter Software Delivery r11.1\nUnicenter Software Delivery r11.2\nUnicenter Workload Control Center r11\n\nApply the update below that is listed for your platform (note that \nURLs may wrap):\n\nAIX [3.0.3 (r64.us5/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12833-r64-us5.tar.z\n\nHP-UX Itanium [3.0.3 (i64.hpu/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12831-i64-hpu.tar.z\n\nHP-UX RISC [3.0.3 (hp2.us5/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12830-hp2-us5.tar.z\n\nLinux AMD [3.0.3 (a64.lnx/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12835-a64-lnx.tar.z\n\nLinux Intel 32bit [3.0.3 (int.lnx/103)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.103.12836-int-lnx.tar.z\n\nLinux Itanium [3.0.3 (i64.lnx/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12838-i64-lnx.tar.z\n\nSolaris SPARC [3.0.3 (su9.us5/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12834-su9-us5.tar.z\n\nSolaris x64/x86 [3.0.3 (a64.sol/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12832-a64-sol.tar.z\n\nIngres r3 Vulnerability Updates Install Steps (August 1, 2008)\n\nUnix/Linux:\n1. 
Log on to your system using the installation owner account and \n   make sure the environment is set up correctly:\n      1. II_SYSTEM must be set to the Ingres system files\n      2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility \n         directories. \n2. Change directory to the root directory of the Ingres \n   installation or use a previously created directory. \n      cd $II_SYSTEM/ingres\n      or\n      cd \u003cpatch_directory\u003e\n3. Copy the download maintenance update file in to the current \n   directory and uncompress\n4. Read in the update file with the following commands:\n      umask 022\n      tar xf [update_file]\n      This will create the directory:\n      $II_SYSTEM/ingres/patchXXXXX\n      or\n      \u003cpatch_directory\u003e/patchXXXXX\n      Note: \u2018XXXXX\u0027 in patchXXXXX refers to the update number\n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n      ingstop\n6. Change directory to the patch directory:\n      cd patchXXXXX\n7. Within the patch directory run the following command:\n      ./utility/iiinstaller\n      Please check the $II_SYSTEM/ingres/files/patch.log file to \n      make sure the patch was applied successfully. Also check the \n      $II_SYSTEM/ingres/version.rel to make sure the patch is \n      referenced. \n      Note: The patch can also be installed silently using the \u2018-m\u0027 \n      flag with iiinstaller:\n      ./utility/iiinstaller -m\n8. Once the patch install has been complete, re-link the iimerge \n   binary with the following command:\n      iilink\n9. 
Ingres can then be restarted with the \u2018ingstart\u0027 utility:\n      ingstart\n\nFor these products:\nAdvantage Data Transformer r2.2\nAllfusion Harvest Change Manager r7.1\nARCserve for Linux r11.5 GA/SP1\nCleverPath Aion BPM r10.1\nCleverPath Aion BPM r10.2\n\nApply the build below that is listed for your platform (note that \nURLs may wrap):\n\nAIX\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12833-r64-us5.tar\n\nHP-UX Itanium\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12831-i64-hpu.tar\n\nHP-UX RISC\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12830-hp2-us5.tar\n\nLinux AMD EI build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-x86_64.tar.gz\n\nLinux AMD II build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-x86_64.tgz\n\nLinux Intel EI build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-EI-linux-i386.tgz\n\nLinux Intel II build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-pc-linux-i386.tgz\n\nLinux Itanium EI build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-ia64.tar.gz\n\nLinux Itanium II build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-ia64.tgz\n\nSolaris SPARC\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12834-su9-us5.tar\n\nSolaris x64/x86\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12832-a64-sol.tar\n\nIngres r3 Build Install Steps (August 1, 2008)\n\nImportant: Prior to installing the build, a full operating system \nbackup of the $II_SYSTEM/ingres directory on Unix/Linux and \n%II_SYSTEM%\\ingres directory on Windows must be taken with Ingres \ncompletely shut down. 
Also, a backup of any other DATA locations \nthat you may have must be taken, again with Ingres shut down. In \ncase there is a problem with the update install, this allows \nIngres to be restored from the backup. \n\nUnix:\n1. Log in to the system as the installation owner and make sure \n   the environment is set up correctly:\n      1. II_SYSTEM must be set to the Ingres home directory\n      2. PATH must include $II_SYSTEM/ingres/bin and \n         $II_SYSTEM/ingres/utility directories\n      3. Add $II_SYSTEM/ingres/lib to the shared library path\n      4. Set TERM to \u2018vt100\u0027 and TERM_INGRES to \u2018vt100fx\u0027\n2. Copy the downloaded update file to the /tmp directory and \n   uncompress\n3. Read in the update file with the following commands:\n      umask 022\n      tar xf [update_file]\n      This creates a directory containing the distribution and \n      other files. \n4. Stop all applications that may be connected to or using any of \n   the files in the Ingres instance. \n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n      ingstop\n6. Important: Take an operating system backup of the \n   $II_SYSTEM/ingres directory and other DATA locations that you \n   may have elsewhere. Also, copy the \n   $II_SYSTEM/ingres/files/config.dat and \n   $II_SYSTEM/ingres/files/symbol.tbl files to a safe location to \n   ensure that the configuration can be restored. \n7. From the root directory of the Ingres installation \n   ($II_SYSTEM/ingres), run the following command:\n      tar xf /tmp/\u003cupdate_directory\u003e/ingres.tar install\n8. Run the following command:\n      install/ingbuild\n9. The initial install screen appears. \n10. In the Distribution medium enter the full path to the \n    \u2018ingres.tar\u0027 file (including the file) (See step 4). \n11. Choose PackageInstall from the list of installation options \n    and then choose \u2018Stand alone DBMS Server\u0027 from the list of \n    packages. 
Then choose ExpressInstall. \n12. Choose Yes in the pop-up screen and press Enter key. \n      The install utility verifies that each component was \n      transferred properly from the distribution medium. When this \n      is finished (without errors), another pop-up screen for \n      setting up the components comes up. \n13. Select Yes and press Enter key to go to the Setup program. \n14. Once the installation is complete, check the \n    $II_SYSTEM/ingres/files/install.log for any errors. Also, \n    check the $II_SYSTEM/ingres/version.rel file to verify the new \n    build is referenced; this should show 3.0.3 for the build. \n15. If there are no errors, then restore the \n    $II_SYSTEM/ingres/files/config.dat and \n    $II_SYSTEM/ingres/files/symbol.tbl files from the copies made \n    in step 6 to replace the existing files. \n16. Start Ingres using the \u2018ingstart\u0027 utility:\n      ingstart\n17. Upgrade the databases in the installation to the new release \n    level:\n      upgradedb -all\n\nLinux:\n1. Log on to the machine as \u2018root\u0027. \n2. Copy the downloaded build update file and to a previously \n   chosen directory and uncompress. \n3. Read in the update file with the following command:\n      tar xf [update file]\n      This creates a directory containing rpm packages for all of \n   the Ingres tools. \n4. Shut down any non-Ingres application(s) that may be connected \n   to or using any of the files in the specified Ingres instance. \n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n      ingstop\n6. Important: Take an operating system backup of the \n   $II_SYSTEM/ingres directory and other DATA locations that you \n   may have elsewhere. \n7. 
From the directory that was created in step 3, install the \n   update rpms with the following command:\n      rpm -Uvh *.rpm\n      If the following error is seen for either the \n      \u2018ca-ingres-documentation-3.0.3-103\u0027, the \n      \u2018ca-ingres-CATOSL-3.0.3-103\u0027 or the \n      \u2018ca-cs-utils-11.0.04348-0000\u0027 (or all of them) packages,\n      remove them from the directory containing the rpms and \n      re-run the above command:\n      package \u003cpackage-name\u003e is already installed\n8. If the installation finishes successfully, then log on as \n   \u2018ingres\u0027 to the machine and start Ingres using the \u2018ingstart\u0027 \n   utility:\n      ingstart\n9. Upgrade \u2018mdb\u0027 database with the following command:\n      upgradedb -all\n\nFor these products:\nCA ARCserve Backup for Unix r11.1\nCA ARCserve Backup for Unix r11.5 GA/SP1/SP2\nCA ARCserve Backup for Unix r11.5 SP3\nCA ARCserve Backup for Linux r11.1\nEEM 8.1\neTrust Audit/SCC 8.0 sp2\nNSM 3.0 0305\nNSM 3.1 0403\nNSM r3.1 SP1 0703\nUnicenter Service Catalog r2.2\nUnicenter ServicePlus Service Desk 6.0\n\nApply the update below that is listed for your platform (note that \nURLs may wrap):\n\nAIX 32bit [2.6/xxxx (rs4.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12718.tar.Z\n\nAIX 64bit [2.6/xxxx (r64.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12798.tar.Z\n\nHP-UX with ARCserve 11.1 or 11.5/GA/SP1/SP2/SP3\nhttps://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277\u0026os=HP\u0026actionID=3\n\nHP-UX Itanium [2.6/xxxx (i64.hpu/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12748.tar.Z\n\nHP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12742.tar.Z\n\nHP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)DBL]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12888.tar.Z\n\nHP-UX RISC 64bit [2.6/xxxx 
(hp2.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12749.tar.Z\n\nHP Tru64 UNIX [2.6/xxxx (axp.osf/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12676.tar.Z\n\nLinux AMD64 [2.6/xxxx (a64.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12809.tar.Z\n\nLinux Intel 32bit [2.6/xxxx (int.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12645.tar.Z\n\nLinux Intel 32bit [2.6/xxxx (int.lnx/00)DBL]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12647.tar.Z\n\nLinux Intel 32bit [2.6/xxxx (int.lnx/00)LFS]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12646.tar.Z\n\nLinux Itanium [2.6/xxxx (i64.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12648.tar.Z\n\nLinux S/390 [2.6/xxxx (ibm.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12877.tar.Z\n\nSolaris SPARC 32bit [2.6/xxxx (su4.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12713.tar.Z\n\nSolaris SPARC 32bit double [2.6/xxxx (su4.us5/00)DBL]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12879.tar.Z\n\nSolaris SPARC 64bit [2.6/xxxx (su9.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12751.tar.Z\n\nIngres 2.6 Vulnerability Updates Install Steps (August 1, 2008)\n\nUnix/Linux:\n1. Log on to your system using the installation owner account and \n   make sure the environment is set up correctly:\n      1. II_SYSTEM must be set to the Ingres system files\n      2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility \n         directories. \n2. Change directory to the root directory of the Ingres \n   installation or use a previously created directory. \n      cd $II_SYSTEM/ingres\n      or\n      cd \u003cpatch_directory\u003e\n3. Copy the download maintenance update file in to the current \n   directory and uncompress\n4. 
Read in the update file with the following commands:\n      umask 022\n      tar xf [update_file]\n      This will create the directory:\n      $II_SYSTEM/ingres/patchXXXXX\n      or\n      \u003cpatch_directory\u003e/patchXXXXX\n      Note: \u2018XXXXX\u0027 in patchXXXXX refers to the update number\n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n      ingstop\n6. Change directory to the patch directory:\n      cd patchXXXXX\n7. Within the patch directory run the following command:\n      ./utility/iiinstaller\n      Please check the $II_SYSTEM/ingres/files/patch.log file to \n      make sure the patch was applied successfully. Also check the \n      $II_SYSTEM/ingres/version.rel to make sure the patch is \n      referenced. \n      Note: The patch can also be installed silently using the \n      \u2018-m\u0027 flag with iiinstaller:\n      ./utility/iiinstaller -m\n8. Once the patch install has been complete, re-link the iimerge \n   binary with the following command:\n      iilink\n9. 
Ingres can then be restarted with the \u2018ingstart\u0027 utility:\n      ingstart\n\n\nHow to determine if you are affected:\n\nFor these products:\nAdmin r8.1 SP2\nARCserve for Linux r11.5 SP2/SP3\nCA Directory r8.1\nCA Job Management Option R11.0\nCA Single Sign-On r8.1\nEEM 8.2\nEEM 8.2.1\nIdentity Manager r12\nNSM r11\nUnicenter Asset Management r11.1\nUnicenter Asset Management r11.2\nUnicenter Remote Control r11.2\nUnicenter Service Catalog r11.1\nUnicenter Service Metric Analysis r11.1\nUnicenter ServicePlus Service Desk r11\nUnicenter ServicePlus Service Desk r11.1\nUnicenter ServicePlus Service Desk r11.2\nUnicenter Software Delivery r11.1\nUnicenter Software Delivery r11.2\nUnicenter Workload Control Center r11\n\nThe Ingres release information is maintained in \n%II_SYSTEM%\\ingres\\version.rel:\n    UNIX or Linux: cat version.rel\n\nThe release identifier will be as follows:\nOperating System        Release identifier\nHP Sparc 32/64bit       II 3.0.3 (hp2.us5/211)\nHP Itanium              II 3.0.3 (i64.hpu/211)\nIntel Solaris 32/64bit  II 3.0.3 (a64.sol/211)\nAIX 32/64bit            II 3.0.3 (r64.us5/211)\nSolaris 32/64bit        II 3.0.3 (su9.us5/211)\nAMD Linux               II 3.0.3 (a64.lnx/211)\nIntel Linux             II 3.0.3 (int.lnx/103)\nItanium Linux           II 3.0.3 (i64.lnx/211)\n\nNotes:\n1. You would need to install the Ingres build instead of the patch \n   if either of the following is true:\n      1. If the Ingres release for your platform is not 3.0.3 in \n      the release identifier\n      or\n      2. The Ingres release is 3.0.3 but the build level is not \n      103 for Linux and 211 for all the Unix platforms. \n      If either of the above is true then download and apply the \n      latest build for your operating system(s). \n2. If the OS platform you are running Ingres on is not listed, \n   please contact Technical Support. 
\n\nFor these products:\nAdvantage Data Transformer r2.2\nAllfusion Harvest Change Manager r7.1\nARCserve for Linux r11.5 GA/SP1\nCleverPath Aion BPM r10.1\nCleverPath Aion BPM r10.2\n\nThe maintenance updates are provided for the latest r3 builds \nsupported by CA which are 3.0.3/103 (Linux) and 3.03/211 (UNIX \nplatforms). If the build embedded is earlier than 3.0.3, it has \nto be upgraded to 3.0.3 to fix the vulnerabilities. \n\nThe Ingres release information is maintained in \n%II_SYSTEM%\\ingres\\version.rel:\n    UNIX or Linux: cat version.rel\n\nThe release identifier will be as follows:\nOperating System        Release identifier\nHP Sparc 32/64bit       II 3.0.3 (hp2.us5/211)\nHP Itanium              II 3.0.3 (i64.hpu/211)\nIntel Solaris 32/64bit  II 3.0.3 (a64.sol/211)\nAIX 32/64bit            II 3.0.3 (r64.us5/211)\nSolaris 32/64bit        II 3.0.3 (su9.us5/211)\nAMD Linux               II 3.0.3 (a64.lnx/211)\nIntel Linux             II 3.0.3 (int.lnx/103)\nItanium Linux           II 3.0.3 (i64.lnx/211)\n\nImportant:\nFor Linux (AMD, Intel and Itanium) platforms, after applying the \nbuild provided on this page, please download and apply the \nmaintenance update. For the other platforms, the builds are \npatched to the latest maintenance update. \nNote:\n1. If the release you are using is already 3.0.3 build 103 on \n   Linux and 3.0.3 build 211 on Unix, then download and install \n   the maintenance update. \n2. If the OS platform you are running Ingres on is not listed, \n   please contact Technical Support. 
\n\nFor these products:\nCA ARCserve Backup for Unix r11.1\nCA ARCserve Backup for Unix r11.5 GA/SP1/SP2\nCA ARCserve Backup for Unix r11.5 SP3\nCA ARCserve Backup for Linux r11.1\nEEM 8.1\neTrust Audit/SCC 8.0 sp2\nNSM 3.0 0305\nNSM 3.1 0403\nNSM r3.1 SP1 0703\nUnicenter Service Catalog r2.2\nUnicenter ServicePlus Service Desk 6.0\n\nThe Ingres release information is maintained in \n%II_SYSTEM%\\ingres\\version.rel:\n    UNIX or Linux: cat version.rel\n\nThe release identifier will be as follows:\nOperating System            Release identifier\nAIX 32bit                   II 2.6/xxxx (rs4.us5/00)\nAIX 64bit                   II 2.6/xxxx (r64.us5/00)\nHP-UX Itanium               II 2.6/xxxx (i64.hpu/00)\nHP-UX RISC 32bit            II 2.6/xxxx (hpb.us5/00)\nHP-UX RISC 32bit            II 2.6/xxxx (hpb.us5/00)DBL\nHP-UX RISC 64bit            II 2.6/xxxx (hp2.us5/00)\nHP Tru64 UNIX               II 2.6/xxxx (axp.osf/00)\nLinux AMD64                 II 2.6/xxxx (a64.lnx/00)\nLinux Intel 32bit           II 2.6/xxxx (int.lnx/00)\nLinux Intel 32bit           II 2.6/xxxx (int.lnx/00)DBL\nLinux Intel 32bit           II 2.6/xxxx (int.lnx/00)LFS\nLinux Itanium               II 2.6/xxxx (i64.lnx/00)\nLinux S/390                 II 2.6/xxxx (ibm.lnx/00)\nSolaris SPARC 32bit         II 2.6/xxxx (su4.us5/00)\nSolaris SPARC 32bit double  II 2.6/xxxx (su4.us5/00)DBL\nSolaris SPARC 64bit         II 2.6/xxxx (su9.us5/00)\n\nNote:\n1. If the Ingres release embedded in your product is not 2.6, \n   please get the appropriate update here. \n2. If the OS platform you are running Ingres on is not listed, \n   please contact Technical Support. \n3. For HP-UX platform with CA ARCserve Backup 11.1 or \n   11.5/GA/SP1/SP2/SP3, download the published ARCserve fix, \n   RO01277:\n   https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277\u0026os=HP\u0026actionID=3\n   and follow the enclosed instructions to install the security \n   patch. 
\n\n\nWorkaround: None\n\n\nReferences (URLs may wrap):\nCA Support:\nhttp://support.ca.com/\nSecurity Notice for CA Products That Embed Ingres\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989\nSolution Document Reference APARs:\nRO01277 (ARCserve only)\nCA Security Response Blog posting:\nCA Products That Embed Ingres Multiple Vulnerabilities\ncommunity.ca.com/blogs/casecurityresponseblog/archive/2008/08/06.aspx\nReported By: \niDefense Labs\nIngres Database for Linux verifydb Insecure File Permissions \n   Modification Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731\nIngres Database for Linux libbecompat Stack Based Buffer Overflow \n   Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732\nIngres Database for Linux ingvalidpw Untrusted Library Path \n   Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733\nIngres\nSecurity Vulnerability Announcement as of August 01, 2008\nhttp://www.ingres.com/support/security-alert-080108.php\nCVE References:\nCVE-2008-3356 - Ingres verifydb file create permission override. \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3356\nCVE-2008-3357 - Ingres un-secure directory privileges with utility \n   ingvalidpw. \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3357\nCVE-2008-3389 - Ingres verifydb, iimerge, csreport buffer overflow. \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3389\nOSVDB References: Pending\nhttp://osvdb.org/\n\n\nChangelog for this advisory:\nv1.0 - Initial Release\n\n\nCustomers who require additional information should contact CA\nTechnical Support at http://support.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your \nfindings to our product security response team. 
\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782\n\n\nRegards,\nKen Williams ; 0xE2941985\nDirector, CA Vulnerability Research\n\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2008 CA. All rights reserved. ----------------------------------------------------------------------\n\nTITLE:\nIngres Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA31357\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31357/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nPrivilege escalation\n\nWHERE:\nLocal system\n\nSOFTWARE:\nIngres 2.x\nhttp://secunia.com/product/14576/\nIngres 2006 (9.x)\nhttp://secunia.com/product/14574/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Ingres, which can be\nexploited by malicious, local users to gain escalated privileges. \n\n1) An error exists in the \"verifydb\" utility due to improperly\nchanging permissions on files and having the setuid-bit set (owned by\nthe \"ingres\" user). via a specially\ncrafted environmental variable. \n\n3) An error exists within the \"ingvalidpw\" utility due to being\nsetuid \"root\" and loading shared libraries from a directory owned by\nthe \"ingres\" user. \n\nSOLUTION:\nThe vendor has issued fixes. Please see the knowledge base document\n(customer login required). \nhttp://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:416012+HTMPL=kt_document_view.htmpl\n\nPROVIDED AND/OR DISCOVERED BY:\nAn anonymous researcher, reported via iDefense. 
\n\nORIGINAL ADVISORY:\nIngres:\nhttp://www.ingres.com/support/security-alert-080108.php\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3389"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004693"
      },
      {
        "db": "BID",
        "id": "30512"
      },
      {
        "db": "PACKETSTORM",
        "id": "68785"
      },
      {
        "db": "PACKETSTORM",
        "id": "68897"
      },
      {
        "db": "PACKETSTORM",
        "id": "68872"
      },
      {
        "db": "PACKETSTORM",
        "id": "68816"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-3389",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "30512",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "31398",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "31357",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1020615",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2292",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2313",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004693",
        "trust": 0.8
      },
      {
        "db": "IDEFENSE",
        "id": "20080801 INGRES DATABASE FOR LINUX LIBBECOMPAT STACK BASED BUFFER OVERFLOW VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20080806 CA PRODUCTS THAT EMBED INGRES MULTIPLE VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "44179",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-050",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "68785",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "68897",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "68872",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "68816",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "30512"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004693"
      },
      {
        "db": "PACKETSTORM",
        "id": "68785"
      },
      {
        "db": "PACKETSTORM",
        "id": "68897"
      },
      {
        "db": "PACKETSTORM",
        "id": "68872"
      },
      {
        "db": "PACKETSTORM",
        "id": "68816"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3389"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-050"
      }
    ]
  },
  "id": "VAR-200808-0315",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.12878788
  },
  "last_update_date": "2023-12-18T12:23:10.035000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "contentID=181989",
        "trust": 0.8,
        "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=181989"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004693"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004693"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3389"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.ingres.com/support/security-alert-080108.php"
      },
      {
        "trust": 2.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
      },
      {
        "trust": 2.1,
        "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=181989"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/31357"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/31398"
      },
      {
        "trust": 1.6,
        "url": "http://securitytracker.com/id?1020615"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/30512"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2292"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2313"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44179"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3389"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3389"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/44179"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/495177/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/2313"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/2292"
      },
      {
        "trust": 0.5,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733"
      },
      {
        "trust": 0.5,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingres.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/495177"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3389"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_specialist/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/31357/"
      },
      {
        "trust": 0.2,
        "url": "http://corporate.secunia.com/about_secunia/64/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/),"
      },
      {
        "trust": 0.1,
        "url": "http://ingres.com/downloads/prod-cert-download.php"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/methodology/vulnerability/vcp.php"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7126/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14592/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5912/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14582/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/31398/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/19467/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7129/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14437/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5904/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14602/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/19468/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5582/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14596/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5905/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5584/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1684/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1683/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14589/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7120/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/19466/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7114/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/312/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3357"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://support.ca.com/irj/portal/anonymous/solndtls?aparno=ro01277\u0026os=hp\u0026actionid=3"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3356"
      },
      {
        "trust": 0.1,
        "url": "http://support.ca.com/"
      },
      {
        "trust": 0.1,
        "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=177782"
      },
      {
        "trust": 0.1,
        "url": "http://support.ca.com."
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/privacy/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3357"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3356"
      },
      {
        "trust": 0.1,
        "url": "http://osvdb.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/legal/"
      },
      {
        "trust": 0.1,
        "url": "http://servicedesk.ingres.com/caisd/pdmweb.ingres?op=show_detail+persid=kd:416012+htmpl=kt_document_view.htmpl"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14574/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14576/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "30512"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004693"
      },
      {
        "db": "PACKETSTORM",
        "id": "68785"
      },
      {
        "db": "PACKETSTORM",
        "id": "68897"
      },
      {
        "db": "PACKETSTORM",
        "id": "68872"
      },
      {
        "db": "PACKETSTORM",
        "id": "68816"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3389"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-050"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "30512"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004693"
      },
      {
        "db": "PACKETSTORM",
        "id": "68785"
      },
      {
        "db": "PACKETSTORM",
        "id": "68897"
      },
      {
        "db": "PACKETSTORM",
        "id": "68872"
      },
      {
        "db": "PACKETSTORM",
        "id": "68816"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3389"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-050"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-08-01T00:00:00",
        "db": "BID",
        "id": "30512"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-004693"
      },
      {
        "date": "2008-08-04T19:10:47",
        "db": "PACKETSTORM",
        "id": "68785"
      },
      {
        "date": "2008-08-08T18:43:59",
        "db": "PACKETSTORM",
        "id": "68897"
      },
      {
        "date": "2008-08-06T21:42:18",
        "db": "PACKETSTORM",
        "id": "68872"
      },
      {
        "date": "2008-08-04T23:14:27",
        "db": "PACKETSTORM",
        "id": "68816"
      },
      {
        "date": "2008-08-05T19:41:00",
        "db": "NVD",
        "id": "CVE-2008-3389"
      },
      {
        "date": "2008-08-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200808-050"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-08-06T20:26:00",
        "db": "BID",
        "id": "30512"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-004693"
      },
      {
        "date": "2018-10-11T20:48:12.193000",
        "db": "NVD",
        "id": "CVE-2008-3389"
      },
      {
        "date": "2008-09-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200808-050"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "30512"
      },
      {
        "db": "PACKETSTORM",
        "id": "68785"
      },
      {
        "db": "PACKETSTORM",
        "id": "68897"
      },
      {
        "db": "PACKETSTORM",
        "id": "68816"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-050"
      }
    ],
    "trust": 1.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Linux Such as above  Ingres Vulnerable to stack-based buffer overflow",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004693"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-050"
      }
    ],
    "trust": 0.6
  }
}

var-200808-0319
Vulnerability from variot

Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability.".

Ingres Database is prone to multiple local vulnerabilities:
- Multiple local privilege-escalation vulnerabilities
- A vulnerability that may allow attackers to overwrite arbitrary files.

Local attackers can exploit these issues to gain elevated privileges on the affected computer, execute arbitrary code with superuser privileges, and overwrite arbitrary files owned by 'Ingres' user.

Title: CA Products That Embed Ingres Multiple Vulnerabilities

CA Advisory Date: 2008-08-01

Reported By: iDefense Labs

Impact: A remote attacker can execute arbitrary code, gain privileges, or cause a denial of service condition.

Summary: CA products that embed Ingres contain multiple vulnerabilities that can allow a remote attacker to execute arbitrary code, gain privileges, or cause a denial of service condition. These vulnerabilities exist in the products and on the platforms listed below. These vulnerabilities do not impact any Windows-based Ingres installation. The first vulnerability, CVE-2008-3356, allows an unauthenticated attacker to potentially set the user and/or group ownership of a verifydb log file to be Ingres allowing read/write permissions to both. The third vulnerability, CVE-2008-3389, allows an unauthenticated attacker to obtain ingres user privileges. However, when combined with the unsecured directory privileges vulnerability (CVE-2008-3357), root privileges can be obtained.

Mitigating Factors: These vulnerabilities do not impact any Windows-based Ingres installation.

Severity: CA has given these vulnerabilities a High risk rating.

Affected Products:
Admin r8.1 SP2
Advantage Data Transformer r2.2
Allfusion Harvest Change Manager r7.1
CA ARCserve Backup for Unix r11.1, r11.5 GA/SP1/SP2/SP3
CA ARCserve Backup for Linux r11.1, r11.5 GA/SP1/SP2/SP3
CA Directory r8.1
CA Job Management Option R11.0
CA Single Sign-On r8.1
CleverPath Aion BPM r10.1, r10.2
EEM 8.1, 8.2, 8.2.1
eTrust Audit/SCC 8.0 sp2
Identity Manager r12
NSM 3.0 0305, 3.1 0403, r3.1 SP1 0703, r11
Unicenter Asset Management r11.1, r11.2
Unicenter Remote Control r11.2
Unicenter Service Catalog r2.2, r11.1
Unicenter Service Metric Analysis r11.1
Unicenter ServicePlus Service Desk 6.0, r11, r11.1, r11.2
Unicenter Software Delivery r11.1, r11.2
Unicenter Workload Control Center r11

Affected Platforms:
1. Ingres verifydb file create permission override (CVE-2008-3356)
   This vulnerability impacts all platforms except Windows.
2. Ingres un-secure directory privileges with utility ingvalidpw (CVE-2008-3357)
   This vulnerability impacts only Linux and HP platforms.
3. Ingres verifydb, iimerge, csreport buffer overflow (CVE-2008-3389)
   This vulnerability impacts only Linux and HP platforms.

Status and Recommendation: The most prudent course of action for affected customers is to download and apply the corrective maintenance. However, updates are provided only for the following releases: 2.6 and r3

Important: Customers using products that embed an earlier version of Ingres r3 should upgrade Ingres to the release that is currently supported (3.0.3/103 on Linux and 3.0.3/211 on UNIX platforms) before applying the maintenance updates. Please contact your product's Technical Support team for more information.

For these products:
Admin r8.1 SP2
CA ARCserve Backup for Linux r11.5 SP2/SP3
CA Directory r8.1
CA Job Management Option R11.0
CA Single Sign-On r8.1
EEM 8.2
EEM 8.2.1
Identity Manager r12
NSM r11
Unicenter Asset Management r11.1
Unicenter Asset Management r11.2
Unicenter Remote Control r11.2
Unicenter Service Catalog r11.1
Unicenter Service Metric Analysis r11.1
Unicenter ServicePlus Service Desk r11
Unicenter ServicePlus Service Desk r11.1
Unicenter ServicePlus Service Desk r11.2
Unicenter Software Delivery r11.1
Unicenter Software Delivery r11.2
Unicenter Workload Control Center r11

Apply the update below that is listed for your platform (note that URLs may wrap):

AIX [3.0.3 (r64.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12833-r64-us5.tar.z

HP-UX Itanium [3.0.3 (i64.hpu/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12831-i64-hpu.tar.z

HP-UX RISC [3.0.3 (hp2.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12830-hp2-us5.tar.z

Linux AMD [3.0.3 (a64.lnx/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12835-a64-lnx.tar.z

Linux Intel 32bit [3.0.3 (int.lnx/103)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.103.12836-int-lnx.tar.z

Linux Itanium [3.0.3 (i64.lnx/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12838-i64-lnx.tar.z

Solaris SPARC [3.0.3 (su9.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12834-su9-us5.tar.z

Solaris x64/x86 [3.0.3 (a64.sol/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12832-a64-sol.tar.z

Ingres r3 Vulnerability Updates Install Steps (August 1, 2008)

Unix/Linux:
1. Log on to your system using the installation owner account and make sure the environment is set up correctly:
   1. II_SYSTEM must be set to the Ingres system files
   2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility directories.
2. Change directory to the root directory of the Ingres installation or use a previously created directory.
   cd $II_SYSTEM/ingres
   or
   cd
3. Copy the download maintenance update file in to the current directory and uncompress
4. Read in the update file with the following commands:
   umask 022
   tar xf [update_file]
   This will create the directory: $II_SYSTEM/ingres/patchXXXXX or /patchXXXXX
   Note: 'XXXXX' in patchXXXXX refers to the update number
5. Stop all Ingres processes with the 'ingstop' utility:
   ingstop
6. Change directory to the patch directory:
   cd patchXXXXX
7. Within the patch directory run the following command:
   ./utility/iiinstaller
   Please check the $II_SYSTEM/ingres/files/patch.log file to make sure the patch was applied successfully. Also check the $II_SYSTEM/ingres/version.rel to make sure the patch is referenced.
   Note: The patch can also be installed silently using the '-m' flag with iiinstaller:
   ./utility/iiinstaller -m
8. Once the patch install has been complete, re-link the iimerge binary with the following command:
   iilink
9. Ingres can then be restarted with the 'ingstart' utility:
   ingstart

For these products:
Advantage Data Transformer r2.2
Allfusion Harvest Change Manager r7.1
ARCserve for Linux r11.5 GA/SP1
CleverPath Aion BPM r10.1
CleverPath Aion BPM r10.2

Apply the build below that is listed for your platform (note that URLs may wrap):

AIX ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12833-r64-us5.tar

HP-UX Itanium ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12831-i64-hpu.tar

HP-UX RISC ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12830-hp2-us5.tar

Linux AMD EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-x86_64.tar.gz

Linux AMD II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-x86_64.tgz

Linux Intel EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-EI-linux-i386.tgz

Linux Intel II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-pc-linux-i386.tgz

Linux Itanium EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-ia64.tar.gz

Linux Itanium II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-ia64.tgz

Solaris SPARC ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12834-su9-us5.tar

Solaris x64/x86 ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12832-a64-sol.tar

Ingres r3 Build Install Steps (August 1, 2008)

Important: Prior to installing the build, a full operating system backup of the $II_SYSTEM/ingres directory on Unix/Linux and %II_SYSTEM%\ingres directory on Windows must be taken with Ingres completely shut down. Also, a backup of any other DATA locations that you may have must be taken, again with Ingres shut down. In case there is a problem with the update install, this allows Ingres to be restored from the backup.

Unix:
1. Log in to the system as the installation owner and make sure the environment is set up correctly:
   1. II_SYSTEM must be set to the Ingres home directory
   2. PATH must include $II_SYSTEM/ingres/bin and $II_SYSTEM/ingres/utility directories
   3. Add $II_SYSTEM/ingres/lib to the shared library path
   4. Set TERM to 'vt100' and TERM_INGRES to 'vt100fx'
2. Copy the downloaded update file to the /tmp directory and uncompress
3. Read in the update file with the following commands:
   umask 022
   tar xf [update_file]
   This creates a directory containing the distribution and other files.
4. Stop all applications that may be connected to or using any of the files in the Ingres instance.
5. Stop all Ingres processes with the 'ingstop' utility:
   ingstop
6. Important: Take an operating system backup of the $II_SYSTEM/ingres directory and other DATA locations that you may have elsewhere. Also, copy the $II_SYSTEM/ingres/files/config.dat and $II_SYSTEM/ingres/files/symbol.tbl files to a safe location to ensure that the configuration can be restored.
7. From the root directory of the Ingres installation ($II_SYSTEM/ingres), run the following command:
   tar xf /tmp//ingres.tar install
8. Run the following command:
   install/ingbuild
9. The initial install screen appears.
10. In the Distribution medium enter the full path to the 'ingres.tar' file (including the file) (See step 4).
11. Choose PackageInstall from the list of installation options and then choose 'Stand alone DBMS Server' from the list of packages. Then choose ExpressInstall.
12. Choose Yes in the pop-up screen and press Enter key. The install utility verifies that each component was transferred properly from the distribution medium. When this is finished (without errors), another pop-up screen for setting up the components comes up.
13. Select Yes and press Enter key to go to the Setup program.
14. Once the installation is complete, check the $II_SYSTEM/ingres/files/install.log for any errors. Also, check the $II_SYSTEM/ingres/version.rel file to verify the new build is referenced; this should show 3.0.3 for the build.
15. If there are no errors, then restore the $II_SYSTEM/ingres/files/config.dat and $II_SYSTEM/ingres/files/symbol.tbl files from the copies made in step 6 to replace the existing files.
16. Start Ingres using the 'ingstart' utility:
    ingstart
17. Upgrade the databases in the installation to the new release level:
    upgradedb -all

Linux:
1. Log on to the machine as 'root'.
2. Copy the downloaded build update file to a previously chosen directory and uncompress.
3. Read in the update file with the following command:
   tar xf [update file]
   This creates a directory containing rpm packages for all of the Ingres tools.
4. Shut down any non-Ingres application(s) that may be connected to or using any of the files in the specified Ingres instance.
5. Stop all Ingres processes with the 'ingstop' utility:
   ingstop
6. Important: Take an operating system backup of the $II_SYSTEM/ingres directory and other DATA locations that you may have elsewhere.
7. From the directory that was created in step 3, install the update rpms with the following command:
   rpm -Uvh *.rpm
   If the following error is seen for either the 'ca-ingres-documentation-3.0.3-103', the 'ca-ingres-CATOSL-3.0.3-103' or the 'ca-cs-utils-11.0.04348-0000' (or all of them) packages, remove them from the directory containing the rpms and re-run the above command:
   package is already installed
8. If the installation finishes successfully, then log on as 'ingres' to the machine and start Ingres using the 'ingstart' utility:
   ingstart
9. Upgrade 'mdb' database with the following command:
   upgradedb -all

For these products:
CA ARCserve Backup for Unix r11.1
CA ARCserve Backup for Unix r11.5 GA/SP1/SP2
CA ARCserve Backup for Unix r11.5 SP3
CA ARCserve Backup for Linux r11.1
EEM 8.1
eTrust Audit/SCC 8.0 sp2
NSM 3.0 0305
NSM 3.1 0403
NSM r3.1 SP1 0703
Unicenter Service Catalog r2.2
Unicenter ServicePlus Service Desk 6.0

Apply the update below that is listed for your platform (note that URLs may wrap):

AIX 32bit [2.6/xxxx (rs4.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12718.tar.Z

AIX 64bit [2.6/xxxx (r64.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12798.tar.Z

HP-UX with ARCserve 11.1 or 11.5/GA/SP1/SP2/SP3 https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277&os=HP&actionID=3

HP-UX Itanium [2.6/xxxx (i64.hpu/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12748.tar.Z

HP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12742.tar.Z

HP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12888.tar.Z

HP-UX RISC 64bit [2.6/xxxx (hp2.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12749.tar.Z

HP Tru64 UNIX [2.6/xxxx (axp.osf/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12676.tar.Z

Linux AMD64 [2.6/xxxx (a64.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12809.tar.Z

Linux Intel 32bit [2.6/xxxx (int.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12645.tar.Z

Linux Intel 32bit [2.6/xxxx (int.lnx/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12647.tar.Z

Linux Intel 32bit [2.6/xxxx (int.lnx/00)LFS] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12646.tar.Z

Linux Itanium [2.6/xxxx (i64.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12648.tar.Z

Linux S/390 [2.6/xxxx (ibm.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12877.tar.Z

Solaris SPARC 32bit [2.6/xxxx (su4.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12713.tar.Z

Solaris SPARC 32bit double [2.6/xxxx (su4.us5/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12879.tar.Z

Solaris SPARC 64bit [2.6/xxxx (su9.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12751.tar.Z

Ingres 2.6 Vulnerability Updates Install Steps (August 1, 2008)

Unix/Linux:
1. Log on to your system using the installation owner account and make sure the environment is set up correctly:
   1. II_SYSTEM must be set to the Ingres system files
   2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility directories.
2. Change directory to the root directory of the Ingres installation or use a previously created directory.
   cd $II_SYSTEM/ingres
   or
   cd
3. Copy the download maintenance update file in to the current directory and uncompress
4. Read in the update file with the following commands:
   umask 022
   tar xf [update_file]
   This will create the directory: $II_SYSTEM/ingres/patchXXXXX or /patchXXXXX
   Note: 'XXXXX' in patchXXXXX refers to the update number
5. Stop all Ingres processes with the 'ingstop' utility:
   ingstop
6. Change directory to the patch directory:
   cd patchXXXXX
7. Within the patch directory run the following command:
   ./utility/iiinstaller
   Please check the $II_SYSTEM/ingres/files/patch.log file to make sure the patch was applied successfully. Also check the $II_SYSTEM/ingres/version.rel to make sure the patch is referenced.
   Note: The patch can also be installed silently using the '-m' flag with iiinstaller:
   ./utility/iiinstaller -m
8. Once the patch install has been complete, re-link the iimerge binary with the following command:
   iilink
9. Ingres can then be restarted with the 'ingstart' utility:
   ingstart

How to determine if you are affected:

For these products:
Admin r8.1 SP2
ARCserve for Linux r11.5 SP2/SP3
CA Directory r8.1
CA Job Management Option R11.0
CA Single Sign-On r8.1
EEM 8.2
EEM 8.2.1
Identity Manager r12
NSM r11
Unicenter Asset Management r11.1
Unicenter Asset Management r11.2
Unicenter Remote Control r11.2
Unicenter Service Catalog r11.1
Unicenter Service Metric Analysis r11.1
Unicenter ServicePlus Service Desk r11
Unicenter ServicePlus Service Desk r11.1
Unicenter ServicePlus Service Desk r11.2
Unicenter Software Delivery r11.1
Unicenter Software Delivery r11.2
Unicenter Workload Control Center r11

The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel:
UNIX or Linux: cat version.rel

The release identifier will be as follows:

Operating System         Release identifier
HP Sparc 32/64bit        II 3.0.3 (hp2.us5/211)
HP Itanium               II 3.0.3 (i64.hpu/211)
Intel Solaris 32/64bit   II 3.0.3 (a64.sol/211)
AIX 32/64bit             II 3.0.3 (r64.us5/211)
Solaris 32/64bit         II 3.0.3 (su9.us5/211)
AMD Linux                II 3.0.3 (a64.lnx/211)
Intel Linux              II 3.0.3 (int.lnx/103)
Itanium Linux            II 3.0.3 (i64.lnx/211)

Notes:
1. You would need to install the Ingres build instead of the patch if either of the following is true:
   1. If the Ingres release for your platform is not 3.0.3 in the release identifier or
   2. The Ingres release is 3.0.3 but the build level is not 103 for Linux and 211 for all the Unix platforms.
   If either of the above is true then download and apply the latest build for your operating system(s).
2. If the OS platform you are running Ingres on is not listed, please contact Technical Support.

For these products:
Advantage Data Transformer r2.2
Allfusion Harvest Change Manager r7.1
ARCserve for Linux r11.5 GA/SP1
CleverPath Aion BPM r10.1
CleverPath Aion BPM r10.2

The maintenance updates are provided for the latest r3 builds supported by CA which are 3.0.3/103 (Linux) and 3.03/211 (UNIX platforms). If the build embedded is earlier than 3.0.3, it has to be upgraded to 3.0.3 to fix the vulnerabilities.

The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel:
UNIX or Linux: cat version.rel

The release identifier will be as follows:

Operating System         Release identifier
HP Sparc 32/64bit        II 3.0.3 (hp2.us5/211)
HP Itanium               II 3.0.3 (i64.hpu/211)
Intel Solaris 32/64bit   II 3.0.3 (a64.sol/211)
AIX 32/64bit             II 3.0.3 (r64.us5/211)
Solaris 32/64bit         II 3.0.3 (su9.us5/211)
AMD Linux                II 3.0.3 (a64.lnx/211)
Intel Linux              II 3.0.3 (int.lnx/103)
Itanium Linux            II 3.0.3 (i64.lnx/211)

Important: For Linux (AMD, Intel and Itanium) platforms, after applying the build provided on this page, please download and apply the maintenance update. For the other platforms, the builds are patched to the latest maintenance update.

Note:
1. If the release you are using is already 3.0.3 build 103 on Linux and 3.0.3 build 211 on Unix, then download and install the maintenance update.
2. If the OS platform you are running Ingres on is not listed, please contact Technical Support.

For these products:
CA ARCserve Backup for Unix r11.1
CA ARCserve Backup for Unix r11.5 GA/SP1/SP2
CA ARCserve Backup for Unix r11.5 SP3
CA ARCserve Backup for Linux r11.1
EEM 8.1
eTrust Audit/SCC 8.0 sp2
NSM 3.0 0305
NSM 3.1 0403
NSM r3.1 SP1 0703
Unicenter Service Catalog r2.2
Unicenter ServicePlus Service Desk 6.0

The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel:
UNIX or Linux: cat version.rel

The release identifier will be as follows:

Operating System              Release identifier
AIX 32bit                     II 2.6/xxxx (rs4.us5/00)
AIX 64bit                     II 2.6/xxxx (r64.us5/00)
HP-UX Itanium                 II 2.6/xxxx (i64.hpu/00)
HP-UX RISC 32bit              II 2.6/xxxx (hpb.us5/00)
HP-UX RISC 32bit              II 2.6/xxxx (hpb.us5/00)DBL
HP-UX RISC 64bit              II 2.6/xxxx (hp2.us5/00)
HP Tru64 UNIX                 II 2.6/xxxx (axp.osf/00)
Linux AMD64                   II 2.6/xxxx (a64.lnx/00)
Linux Intel 32bit             II 2.6/xxxx (int.lnx/00)
Linux Intel 32bit             II 2.6/xxxx (int.lnx/00)DBL
Linux Intel 32bit             II 2.6/xxxx (int.lnx/00)LFS
Linux Itanium                 II 2.6/xxxx (i64.lnx/00)
Linux S/390                   II 2.6/xxxx (ibm.lnx/00)
Solaris SPARC 32bit           II 2.6/xxxx (su4.us5/00)
Solaris SPARC 32bit double    II 2.6/xxxx (su4.us5/00)DBL
Solaris SPARC 64bit           II 2.6/xxxx (su9.us5/00)

Note:
1. If the Ingres release embedded in your product is not 2.6, please get the appropriate update here.
2. If the OS platform you are running Ingres on is not listed, please contact Technical Support.
3. For HP-UX platform with CA ARCserve Backup 11.1 or 11.5/GA/SP1/SP2/SP3, download the published ARCserve fix, RO01277: https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277&os=HP&actionID=3 and follow the enclosed instructions to install the security patch.

Workaround: None

References (URLs may wrap):
CA Support: http://support.ca.com/
Security Notice for CA Products That Embed Ingres
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989
Solution Document Reference APARs: RO01277 (ARCserve only)
CA Security Response Blog posting: CA Products That Embed Ingres Multiple Vulnerabilities
community.ca.com/blogs/casecurityresponseblog/archive/2008/08/06.aspx
Reported By: iDefense Labs
Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731
Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732
Ingres Database for Linux ingvalidpw Untrusted Library Path Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733
Ingres Security Vulnerability Announcement as of August 01, 2008
http://www.ingres.com/support/security-alert-080108.php
CVE References:
CVE-2008-3356 - Ingres verifydb file create permission override.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3356
CVE-2008-3357 - Ingres un-secure directory privileges with utility ingvalidpw.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3357
CVE-2008-3389 - Ingres verifydb, iimerge, csreport buffer overflow.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3389
OSVDB References: Pending
http://osvdb.org/

Changelog for this advisory: v1.0 - Initial Release

Customers who require additional information should contact CA Technical Support at http://support.ca.com.

For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your findings to our product security response team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782

Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research

CA, 1 CA Plaza, Islandia, NY 11749
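
The "How to determine if you are affected" rules in the advisory above can be scripted for fleet triage. This is an added example, not part of the CA advisory or of Ingres: the function names and verdict labels are hypothetical, and it assumes an applied patch shows up as its number on a later line of version.rel (the advisory only says the patch is "referenced" there). Platform tags, build levels and r3 patch numbers are taken from the tables and URLs above.

```shell
#!/bin/sh
# Added example: triage the release identifier from version.rel against the
# tables in the CA advisory. Verdict labels are illustrative, not CA's.

# Maintenance-update number the advisory lists for each r3 platform tag.
r3_patch_for() {
    case $1 in
        r64.us5) echo 12833 ;;
        i64.hpu) echo 12831 ;;
        hp2.us5) echo 12830 ;;
        a64.lnx) echo 12835 ;;
        int.lnx) echo 12836 ;;
        i64.lnx) echo 12838 ;;
        su9.us5) echo 12834 ;;
        a64.sol) echo 12832 ;;
        *) return 1 ;;
    esac
}

# classify_release "II <release> (<platform>/<build>)[suffix]"
# Prints: r3-patch:<n> | r3-build-first | 2.6-patch | unlisted-platform |
#         not-covered | unparsed
classify_release() {
    parsed=$(printf '%s\n' "$1" | sed -n \
        's|^[[:space:]]*II[[:space:]]\{1,\}\([^[:space:]]\{1,\}\)[[:space:]]*(\([a-z0-9]*\.[a-z0-9]*\)/\([0-9]*\)).*$|\1 \2 \3|p')
    [ -n "$parsed" ] || { echo unparsed; return 0; }
    # shellcheck disable=SC2086  # intentional word splitting into 3 fields
    set -- $parsed
    version=$1 platform=$2 build=$3

    case $version in
        3.0.*)
            # Assumption: any 3.0.x identifier is an r3 release.
            patch=$(r3_patch_for "$platform") || { echo unlisted-platform; return 0; }
            # Per the release-identifier table: 103 on Intel Linux, 211 elsewhere.
            case $platform in int.lnx) want=103 ;; *) want=211 ;; esac
            if [ "$version" = 3.0.3 ] && [ "$build" = "$want" ]; then
                echo "r3-patch:$patch"
            else
                # Older release or build level: install the build first (on
                # Linux the advisory then also requires the maintenance update).
                echo r3-build-first
            fi ;;
        2.6|2.6/*)
            case $platform in
                rs4.us5|r64.us5|i64.hpu|hpb.us5|hp2.us5|axp.osf|a64.lnx|int.lnx|i64.lnx|ibm.lnx|su4.us5|su9.us5)
                    echo 2.6-patch ;;
                *) echo unlisted-platform ;;
            esac ;;
        *)
            # The advisory provides updates only for 2.6 and r3.
            echo not-covered ;;
    esac
}

# Return 0 if a line after the release identifier contains the patch number.
# Assumption: the exact layout of patch entries in version.rel is not given
# on this page, so any later line containing the number as a word counts.
patch_referenced() {
    sed 1d "$1" | grep -qw "$2"
}

# triage_file <path to version.rel>
triage_file() {
    first=$(sed -n 1p "$1")
    verdict=$(classify_release "$first")
    case $verdict in
        r3-patch:*)
            if patch_referenced "$1" "${verdict#r3-patch:}"; then
                echo "already-patched:${verdict#r3-patch:}"
            else
                echo "$verdict"
            fi ;;
        *) echo "$verdict" ;;
    esac
}

# Constructed identifiers shaped like the advisory's tables (not real hosts).
for id in 'II 3.0.3 (int.lnx/103)' 'II 3.0.3 (a64.lnx/109)' \
          'II 2.6/0305 (hpb.us5/00)DBL' 'II 9.1.0 (int.lnx/100)'; do
    printf '%-30s -> %s\n' "$id" "$(classify_release "$id")"
done
```

On a real host, run `triage_file "$II_SYSTEM/ingres/version.rel"` as the installation owner; a `2.6-patch` verdict on HP-UX with ARCserve still follows the separate RO01277 fix noted above.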

Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2008 CA. All rights reserved.

iDefense Security Advisory 08.01.08
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 01, 2008

I. BACKGROUND

Ingres Database is a database server used in several Computer Associates' products. For example, CA Directory Service uses the Ingres Database server. More information can be found on the vendor's website at the following URL.

http://ingres.com/downloads/prod-cert-download.php

II.

The vulnerability exists within the "ingvalidpw" utility included with Ingres database. This utility is used to verify a user's credentials, and is installed set-uid root. When loading shared libraries, the "ingvalidpw" program will load libraries from a directory owned by the "ingres" user.

III. By itself, this is not that serious of a vulnerability.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in Ingres 2006 Enterprise Edition Release 2 for Linux x86 (32-bit). Other versions may also be affected.

V. WORKAROUND

iDefense is currently unaware of any workarounds for this issue.

VI. VENDOR RESPONSE

"This problem has been identified and resolved by Ingres in the following releases: Ingres 2006 release 2 (9.1.0), Ingres 2006 release 1 (9.0.4), and Ingres 2.6."

For more information, refer to Ingres' advisory at the following URL.

http://www.ingres.com/support/security-alert-080108.php

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-3357 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

07/20/2007 Initial vendor response
07/23/2007 Initial vendor notification
08/01/2008 Coordinated public disclosure

IX. CREDIT

The discoverer of this vulnerability wishes to remain anonymous.

X. LEGAL NOTICES

Copyright © 2008 iDefense, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.


TITLE: Ingres Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA31357

VERIFY ADVISORY: http://secunia.com/advisories/31357/

CRITICAL: Less critical

IMPACT: Privilege escalation

WHERE: Local system

SOFTWARE: Ingres 2.x http://secunia.com/product/14576/ Ingres 2006 (9.x) http://secunia.com/product/14574/

DESCRIPTION: Some vulnerabilities have been reported in Ingres, which can be exploited by malicious, local users to gain escalated privileges.

1) An error exists in the "verifydb" utility due to improperly changing permissions on files and having the setuid-bit set (owned by the "ingres" user).

2) A boundary error exists within the "libbecompat" library that is used by several of the setuid "ingres" utilities. This can be exploited to cause a stack-based buffer overflow e.g. via a specially crafted environmental variable.

SOLUTION: The vendor has issued fixes. Please see the knowledge base document (customer login required). http://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:416012+HTMPL=kt_document_view.htmpl

PROVIDED AND/OR DISCOVERED BY: An anonymous researcher, reported via iDefense.

ORIGINAL ADVISORY: Ingres: http://www.ingres.com/support/security-alert-080108.php

iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733


About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200808-0319",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ingres",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "ingres",
        "version": "2.6"
      },
      {
        "model": "ingres",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "actian",
        "version": "9.1.0"
      },
      {
        "model": "ingres",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "actian",
        "version": "2.6"
      },
      {
        "model": "ingres",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "actian",
        "version": "9.0.4"
      },
      {
        "model": "ingres",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ingres",
        "version": "2006 release 1"
      },
      {
        "model": "ingres",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ingres",
        "version": "and  2006 release 2"
      },
      {
        "model": "ingres",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ingres",
        "version": "2006"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingres",
        "version": "20069.1"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingres",
        "version": "20069.0.4"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingres",
        "version": "20060"
      },
      {
        "model": "associates unicenter software delivery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.2"
      },
      {
        "model": "associates unicenter software delivery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.0"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.2"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter service metric analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter service catalog",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.2"
      },
      {
        "model": "associates unicenter service catalog",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.2"
      },
      {
        "model": "associates unicenter asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.2"
      },
      {
        "model": "associates unicenter asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates single sign-on",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates nsm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "0"
      },
      {
        "model": "associates job management option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "12"
      },
      {
        "model": "associates etrust audit/scc sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "model": "associates eem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.2.1"
      },
      {
        "model": "associates eem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.2"
      },
      {
        "model": "associates eem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates directory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates cleverpath aion bpm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.2"
      },
      {
        "model": "associates cleverpath aion bpm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.1"
      },
      {
        "model": "associates ca arcserve backup for unix ga",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for unix sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for unix sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for unix ga",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for unix sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for unix sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for unix sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for linux sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for linux sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for linux sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for linux ga",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for linux sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for linux sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for linux sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for linux ga",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates advantage data transformer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.2"
      },
      {
        "model": "associates admin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "30512"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004682"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3357"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-049"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:actian:ingres:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:actian:ingres:9.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:actian:ingres:9.1.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3357"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "iDEFENSE",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-049"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-3357",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2008-3357",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-3357",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200808-049",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004682"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3357"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-049"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a \"pointer overwrite vulnerability.\". Ingres Database is prone to multiple local vulnerabilities:\n- Multiple local privilege-escalation vulnerabilities\n- A vulnerability that may allow attackers to overwrite arbitrary files. \nLocal attackers can exploit these issues to gain elevated privileges on the affected computer, execute arbitrary code with superuser privileges, and overwrite arbitrary files owned by \u0027Ingres\u0027 user. \nTitle: CA Products That Embed Ingres Multiple Vulnerabilities\n\n\nCA Advisory Date: 2008-08-01\n\n\nReported By: iDefense Labs\n\n\nImpact: A remote attacker can execute arbitrary code, gain \nprivileges, or cause a denial of service condition. \n\n\nSummary: CA products that embed Ingres contain multiple \nvulnerabilities that can allow a remote attacker to execute \narbitrary code, gain privileges, or cause a denial of service \ncondition. These vulnerabilities exist in the products and on the \nplatforms listed below. These vulnerabilities do not impact any \nWindows-based Ingres installation. The first vulnerability, \nCVE-2008-3356, allows an unauthenticated attacker to potentially \nset the user and/or group ownership of a verifydb log file to be \nIngres allowing read/write permissions to both. The third \nvulnerability, CVE-2008-3389, allows an unauthenticated attacker \nto obtain ingres user privileges. However, when combined with the \nunsecured directory privileges vulnerability (CVE\u20132008-3357), root \nprivileges can be obtained. \n\n\nMitigating Factors: These vulnerabilities do not impact any \nWindows-based Ingres installation. \n\n\nSeverity: CA has given these vulnerabilities a High risk rating. 
\n\n\nAffected Products:\nAdmin r8.1 SP2\nAdvantage Data Transformer r2.2\nAllfusion Harvest Change Manager r7.1\nCA ARCserve Backup for Unix r11.1, r11.5 GA/SP1/SP2/SP3\nCA ARCserve Backup for Linux r11.1, r11.5 GA/SP1/SP2/SP3\nCA Directory r8.1\nCA Job Management Option R11.0\nCA Single Sign-On r8.1\nCleverPath Aion BPM r10.1, r10.2\nEEM 8.1, 8.2, 8.2.1\neTrust Audit/SCC 8.0 sp2\nIdentity Manager r12\nNSM 3.0 0305, 3.1 0403, r3.1 SP1 0703, r11\nUnicenter Asset Management r11.1, r11.2\nUnicenter Remote Control r11.2\nUnicenter Service Catalog r2.2, r11.1\nUnicenter Service Metric Analysis r11.1\nUnicenter ServicePlus Service Desk 6.0, r11, r11.1, r11.2\nUnicenter Software Delivery r11.1, r11.2\nUnicenter Workload Control Center r11\n\n\nAffected Platforms:\n1. Ingres verifydb file create permission override (CVE-2008-3356)\n   This vulnerability impacts all platforms except Windows. \n2. Ingres un-secure directory privileges with utility ingvalidpw \n   (CVE - 2008-3357)\n   This vulnerability impacts only Linux and HP platforms. \n3. Ingres verifydb, iimerge, csreport buffer overflow \n   (CVE-2008-3389)\n   This vulnerability impacts only Linux and HP platforms. \n\n\nStatus and Recommendation:\nThe most prudent course of action for affected customers is to \ndownload and apply the corrective maintenance. However, updates \nare provided only for the following releases: 2.6 and r3\n\nImportant: Customers using products that embed an earlier version \nof Ingres r3 should upgrade Ingres to the release that is \ncurrently supported (3.0.3/103 on Linux and 3.0.3/211 on UNIX \nplatforms) before applying the maintenance updates. Please contact \nyour product\u0027s Technical Support team for more information. 
\n\nFor these products:\nAdmin r8.1 SP2\nCA ARCserve Backup for Linux r11.5 SP2/SP3\nCA Directory r8.1\nCA Job Management Option R11.0\nCA Single Sign-On r8.1\nEEM 8.2\nEEM 8.2.1\nIdentity Manager r12\nNSM r11\nUnicenter Asset Management r11.1\nUnicenter Asset Management r11.2\nUnicenter Remote Control r11.2\nUnicenter Service Catalog r11.1\nUnicenter Service Metric Analysis r11.1\nUnicenter ServicePlus Service Desk r11\nUnicenter ServicePlus Service Desk r11.1\nUnicenter ServicePlus Service Desk r11.2\nUnicenter Software Delivery r11.1\nUnicenter Software Delivery r11.2\nUnicenter Workload Control Center r11\n\nApply the update below that is listed for your platform (note that \nURLs may wrap):\n\nAIX [3.0.3 (r64.us5/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12833-r64-us5.tar.z\n\nHP-UX Itanium [3.0.3 (i64.hpu/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12831-i64-hpu.tar.z\n\nHP-UX RISC [3.0.3 (hp2.us5/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12830-hp2-us5.tar.z\n\nLinux AMD [3.0.3 (a64.lnx/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12835-a64-lnx.tar.z\n\nLinux Intel 32bit [3.0.3 (int.lnx/103)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.103.12836-int-lnx.tar.z\n\nLinux Itanium [3.0.3 (i64.lnx/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12838-i64-lnx.tar.z\n\nSolaris SPARC [3.0.3 (su9.us5/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12834-su9-us5.tar.z\n\nSolaris x64/x86 [3.0.3 (a64.sol/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12832-a64-sol.tar.z\n\nIngres r3 Vulnerability Updates Install Steps (August 1, 2008)\n\nUnix/Linux:\n1. 
Log on to your system using the installation owner account and \n   make sure the environment is set up correctly:\n      1. II_SYSTEM must be set to the Ingres system files\n      2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility \n         directories. \n2. Change directory to the root directory of the Ingres \n   installation or use a previously created directory. \n      cd $II_SYSTEM/ingres\n      or\n      cd \u003cpatch_directory\u003e\n3. Copy the download maintenance update file in to the current \n   directory and uncompress\n4. Read in the update file with the following commands:\n      umask 022\n      tar xf [update_file]\n      This will create the directory:\n      $II_SYSTEM/ingres/patchXXXXX\n      or\n      \u003cpatch_directory\u003e/patchXXXXX\n      Note: \u2018XXXXX\u0027 in patchXXXXX refers to the update number\n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n      ingstop\n6. Change directory to the patch directory:\n      cd patchXXXXX\n7. Within the patch directory run the following command:\n      ./utility/iiinstaller\n      Please check the $II_SYSTEM/ingres/files/patch.log file to \n      make sure the patch was applied successfully. Also check the \n      $II_SYSTEM/ingres/version.rel to make sure the patch is \n      referenced. \n      Note: The patch can also be installed silently using the \u2018-m\u0027 \n      flag with iiinstaller:\n      ./utility/iiinstaller -m\n8. Once the patch install has been complete, re-link the iimerge \n   binary with the following command:\n      iilink\n9. 
Ingres can then be restarted with the \u2018ingstart\u0027 utility:\n      ingstart\n\nFor these products:\nAdvantage Data Transformer r2.2\nAllfusion Harvest Change Manager r7.1\nARCserve for Linux r11.5 GA/SP1\nCleverPath Aion BPM r10.1\nCleverPath Aion BPM r10.2\n\nApply the build below that is listed for your platform (note that \nURLs may wrap):\n\nAIX\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12833-r64-us5.tar\n\nHP-UX Itanium\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12831-i64-hpu.tar\n\nHP-UX RISC\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12830-hp2-us5.tar\n\nLinux AMD EI build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-x86_64.tar.gz\n\nLinux AMD II build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-x86_64.tgz\n\nLinux Intel EI build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-EI-linux-i386.tgz\n\nLinux Intel II build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-pc-linux-i386.tgz\n\nLinux Itanium EI build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-ia64.tar.gz\n\nLinux Itanium II build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-ia64.tgz\n\nSolaris SPARC\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12834-su9-us5.tar\n\nSolaris x64/x86\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12832-a64-sol.tar\n\nIngres r3 Build Install Steps (August 1, 2008)\n\nImportant: Prior to installing the build, a full operating system \nbackup of the $II_SYSTEM/ingres directory on Unix/Linux and \n%II_SYSTEM%\\ingres directory on Windows must be taken with Ingres \ncompletely shut down. 
Also, a backup of any other DATA locations \nthat you may have must be taken, again with Ingres shut down. In \ncase there is a problem with the update install, this allows \nIngres to be restored from the backup. \n\nUnix:\n1. Log in to the system as the installation owner and make sure \n   the environment is set up correctly:\n      1. II_SYSTEM must be set to the Ingres home directory\n      2. PATH must include $II_SYSTEM/ingres/bin and \n         $II_SYSTEM/ingres/utility directories\n      3. Add $II_SYSTEM/ingres/lib to the shared library path\n      4. Set TERM to \u2018vt100\u0027 and TERM_INGRES to \u2018vt100fx\u0027\n2. Copy the downloaded update file to the /tmp directory and \n   uncompress\n3. Read in the update file with the following commands:\n      umask 022\n      tar xf [update_file]\n      This creates a directory containing the distribution and \n      other files. \n4. Stop all applications that may be connected to or using any of \n   the files in the Ingres instance. \n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n      ingstop\n6. Important: Take an operating system backup of the \n   $II_SYSTEM/ingres directory and other DATA locations that you \n   may have elsewhere. Also, copy the \n   $II_SYSTEM/ingres/files/config.dat and \n   $II_SYSTEM/ingres/files/symbol.tbl files to a safe location to \n   ensure that the configuration can be restored. \n7. From the root directory of the Ingres installation \n   ($II_SYSTEM/ingres), run the following command:\n      tar xf /tmp/\u003cupdate_directory\u003e/ingres.tar install\n8. Run the following command:\n      install/ingbuild\n9. The initial install screen appears. \n10. In the Distribution medium enter the full path to the \n    \u2018ingres.tar\u0027 file (including the file) (See step 4). \n11. Choose PackageInstall from the list of installation options \n    and then choose \u2018Stand alone DBMS Server\u0027 from the list of \n    packages. 
Then choose ExpressInstall. \n12. Choose Yes in the pop-up screen and press Enter key. \n      The install utility verifies that each component was \n      transferred properly from the distribution medium. When this \n      is finished (without errors), another pop-up screen for \n      setting up the components comes up. \n13. Select Yes and press Enter key to go to the Setup program. \n14. Once the installation is complete, check the \n    $II_SYSTEM/ingres/files/install.log for any errors. Also, \n    check the $II_SYSTEM/ingres/version.rel file to verify the new \n    build is referenced; this should show 3.0.3 for the build. \n15. If there are no errors, then restore the \n    $II_SYSTEM/ingres/files/config.dat and \n    $II_SYSTEM/ingres/files/symbol.tbl files from the copies made \n    in step 6 to replace the existing files. \n16. Start Ingres using the \u2018ingstart\u0027 utility:\n      ingstart\n17. Upgrade the databases in the installation to the new release \n    level:\n      upgradedb -all\n\nLinux:\n1. Log on to the machine as \u2018root\u0027. \n2. Copy the downloaded build update file and to a previously \n   chosen directory and uncompress. \n3. Read in the update file with the following command:\n      tar xf [update file]\n      This creates a directory containing rpm packages for all of \n   the Ingres tools. \n4. Shut down any non-Ingres application(s) that may be connected \n   to or using any of the files in the specified Ingres instance. \n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n      ingstop\n6. Important: Take an operating system backup of the \n   $II_SYSTEM/ingres directory and other DATA locations that you \n   may have elsewhere. \n7. 
From the directory that was created in step 3, install the \n   update rpms with the following command:\n      rpm \u2013Uvh *.rpm\n      If the following error is seen for either the \n      \u2018ca-ingres-documentation-3.0.3-103\u0027, the \n      \u2018ca-ingres-CATOSL-3.0.3-103\u0027 or the \n      \u2018ca-cs-utils-11.0.04348-0000\u0027 (or all of them) packages,\n      remove them from the directory containing the rpms and \n      re-run the above command:\n      package \u003cpackage-name\u003e is already installed\n8. If the installation finishes successfully, then log on as \n   \u2018ingres\u0027 to the machine and start Ingres using the \u2018ingstart\u0027 \n   utility:\n      ingstart\n9. Upgrade \u2018mdb\u0027 database with the following command:\n      upgradedb -all\n\nFor these products:\nCA ARCserve Backup for Unix r11.1\nCA ARCserve Backup for Unix r11.5 GA/SP1/SP2\nCA ARCserve Backup for Unix r11.5 SP3\nCA ARCserve Backup for Linux r11.1\nEEM 8.1\neTrust Audit/SCC 8.0 sp2\nNSM 3.0 0305\nNSM 3.1 0403\nNSM r3.1 SP1 0703\nUnicenter Service Catalog r2.2\nUnicenter ServicePlus Service Desk 6.0\n\nApply the update below that is listed for your platform (note that \nURLs may wrap):\n\nAIX 32bit [2.6/xxxx (rs4.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12718.tar.Z\n\nAIX 64bit [2.6/xxxx (r64.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12798.tar.Z\n\nHP-UX with ARCserve 11.1 or 11.5/GA/SP1/SP2/SP3\nhttps://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277\u0026os=HP\u0026actionID=3\n\nHP-UX Itanium [2.6/xxxx (i64.hpu/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12748.tar.Z\n\nHP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12742.tar.Z\n\nHP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)DBL]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12888.tar.Z\n\nHP-UX RISC 64bit [2.6/xxxx 
(hp2.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12749.tar.Z\n\nHP Tru64 UNIX [2.6/xxxx (axp.osf/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12676.tar.Z\n\nLinux AMD64 [2.6/xxxx (a64.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12809.tar.Z\n\nLinux Intel 32bit [2.6/xxxx (int.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12645.tar.Z\n\nLinux Intel 32bit [2.6/xxxx (int.lnx/00)DBL]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12647.tar.Z\n\nLinux Intel 32bit [2.6/xxxx (int.lnx/00)LFS]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12646.tar.Z\n\nLinux Itanium [2.6/xxxx (i64.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12648.tar.Z\n\nLinux S/390 [2.6/xxxx (ibm.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12877.tar.Z\n\nSolaris SPARC 32bit [2.6/xxxx (su4.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12713.tar.Z\n\nSolaris SPARC 32bit double [2.6/xxxx (su4.us5/00)DBL]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12879.tar.Z\n\nSolaris SPARC 64bit [2.6/xxxx (su9.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12751.tar.Z\n\nIngres 2.6 Vulnerability Updates Install Steps (August 1, 2008)\n\nUnix/Linux:\n1. Log on to your system using the installation owner account and \n   make sure the environment is set up correctly:\n      1. II_SYSTEM must be set to the Ingres system files\n      2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility \n         directories. \n2. Change directory to the root directory of the Ingres \n   installation or use a previously created directory. \n      cd $II_SYSTEM/ingres\n      or\n      cd \u003cpatch_directory\u003e\n3. Copy the download maintenance update file in to the current \n   directory and uncompress\n4. 
Read in the update file with the following commands:\n      umask 022\n      tar xf [update_file]\n      This will create the directory:\n      $II_SYSTEM/ingres/patchXXXXX\n      or\n      \u003cpatch_directory\u003e/patchXXXXX\n      Note: \u2018XXXXX\u0027 in patchXXXXX refers to the update number\n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n      ingstop\n6. Change directory to the patch directory:\n      cd patchXXXXX\n7. Within the patch directory run the following command:\n      ./utility/iiinstaller\n      Please check the $II_SYSTEM/ingres/files/patch.log file to \n      make sure the patch was applied successfully. Also check the \n      $II_SYSTEM/ingres/version.rel to make sure the patch is \n      referenced. \n      Note: The patch can also be installed silently using the \n      \u2018-m\u0027 flag with iiinstaller:\n      ./utility/iiinstaller -m\n8. Once the patch install has been complete, re-link the iimerge \n   binary with the following command:\n      iilink\n9. 
Ingres can then be restarted with the \u2018ingstart\u0027 utility:\n      ingstart\n\n\nHow to determine if you are affected:\n\nFor these products:\nAdmin r8.1 SP2\nARCserve for Linux r11.5 SP2/SP3\nCA Directory r8.1\nCA Job Management Option R11.0\nCA Single Sign-On r8.1\nEEM 8.2\nEEM 8.2.1\nIdentity Manager r12\nNSM r11\nUnicenter Asset Management r11.1\nUnicenter Asset Management r11.2\nUnicenter Remote Control r11.2\nUnicenter Service Catalog r11.1\nUnicenter Service Metric Analysis r11.1\nUnicenter ServicePlus Service Desk r11\nUnicenter ServicePlus Service Desk r11.1\nUnicenter ServicePlus Service Desk r11.2\nUnicenter Software Delivery r11.1\nUnicenter Software Delivery r11.2\nUnicenter Workload Control Center r11\n\nThe Ingres release information is maintained in \n%II_SYSTEM%\\ingres\\version.rel:\n    UNIX or Linux: cat version.rel\n\nThe release identifier will be as follows:\nOperating System        Release identifier\nHP Sparc 32/64bit       II 3.0.3 (hp2.us5/211)\nHP Itanium              II 3.0.3 (i64.hpu/211)\nIntel Solaris 32/64bit  II 3.0.3 (a64.sol/211)\nAIX 32/64bit            II 3.0.3 (r64.us5/211)\nSolaris 32/64bit        II 3.0.3 (su9.us5/211)\nAMD Linux               II 3.0.3 (a64.lnx/211)\nIntel Linux             II 3.0.3 (int.lnx/103)\nItanium Linux           II 3.0.3 (i64.lnx/211)\n\nNotes:\n1. You would need to install the Ingres build instead of the patch \n   if either of the following is true:\n      1. If the Ingres release for your platform is not 3.0.3 in \n      the release identifier\n      or\n      2. The Ingres release is 3.0.3 but the build level is not \n      103 for Linux and 211 for all the Unix platforms. \n      If either of the above is true then download and apply the \n      latest build for your operating system(s). \n2. If the OS platform you are running Ingres on is not listed, \n   please contact Technical Support. 
\n\nFor these products:\nAdvantage Data Transformer r2.2\nAllfusion Harvest Change Manager r7.1\nARCserve for Linux r11.5 GA/SP1\nCleverPath Aion BPM r10.1\nCleverPath Aion BPM r10.2\n\nThe maintenance updates are provided for the latest r3 builds \nsupported by CA which are 3.0.3/103 (Linux) and 3.03/211 (UNIX \nplatforms). If the build embedded is earlier than 3.0.3, it has \nto be upgraded to 3.0.3 to fix the vulnerabilities. \n\nThe Ingres release information is maintained in \n%II_SYSTEM%\\ingres\\version.rel:\n    UNIX or Linux: cat version.rel\n\nThe release identifier will be as follows:\nOperating System        Release identifier\nHP Sparc 32/64bit       II 3.0.3 (hp2.us5/211)\nHP Itanium              II 3.0.3 (i64.hpu/211)\nIntel Solaris 32/64bit  II 3.0.3 (a64.sol/211)\nAIX 32/64bit            II 3.0.3 (r64.us5/211)\nSolaris 32/64bit        II 3.0.3 (su9.us5/211)\nAMD Linux               II 3.0.3 (a64.lnx/211)\nIntel Linux             II 3.0.3 (int.lnx/103)\nItanium Linux           II 3.0.3 (i64.lnx/211)\n\nImportant:\nFor Linux (AMD, Intel and Itanium) platforms, after applying the \nbuild provided on this page, please download and apply the \nmaintenance update. For the other platforms, the builds are \npatched to the latest maintenance update. \nNote:\n1. If the release you are using is already 3.0.3 build 103 on \n   Linux and 3.0.3 build 211 on Unix, then download and install \n   the maintenance update. \n2. If the OS platform you are running Ingres on is not listed, \n   please contact Technical Support. 
\n\nFor these products:\nCA ARCserve Backup for Unix r11.1\nCA ARCserve Backup for Unix r11.5 GA/SP1/SP2\nCA ARCserve Backup for Unix r11.5 SP3\nCA ARCserve Backup for Linux r11.1\nEEM 8.1\neTrust Audit/SCC 8.0 sp2\nNSM 3.0 0305\nNSM 3.1 0403\nNSM r3.1 SP1 0703\nUnicenter Service Catalog r2.2\nUnicenter ServicePlus Service Desk 6.0\n\nThe Ingres release information is maintained in \n%II_SYSTEM%\\ingres\\version.rel:\n    UNIX or Linux: cat version.rel\n\nThe release identifier will be as follows:\nOperating System            Release identifier\nAIX 32bit                   II 2.6/xxxx (rs4.us5/00)\nAIX 64bit                   II 2.6/xxxx (r64.us5/00)\nHP-UX Itanium               II 2.6/xxxx (i64.hpu/00)\nHP-UX RISC 32bit            II 2.6/xxxx (hpb.us5/00)\nHP-UX RISC 32bit            II 2.6/xxxx (hpb.us5/00)DBL\nHP-UX RISC 64bit            II 2.6/xxxx (hp2.us5/00)\nHP Tru64 UNIX               II 2.6/xxxx (axp.osf/00)\nLinux AMD64                 II 2.6/xxxx (a64.lnx/00)\nLinux Intel 32bit           II 2.6/xxxx (int.lnx/00)\nLinux Intel 32bit           II 2.6/xxxx (int.lnx/00)DBL\nLinux Intel 32bit           II 2.6/xxxx (int.lnx/00)LFS\nLinux Itanium               II 2.6/xxxx (i64.lnx/00)\nLinux S/390                 II 2.6/xxxx (ibm.lnx/00)\nSolaris SPARC 32bit         II 2.6/xxxx (su4.us5/00)\nSolaris SPARC 32bit double  II 2.6/xxxx (su4.us5/00)DBL\nSolaris SPARC 64bit         II 2.6/xxxx (su9.us5/00)\n\nNote:\n1. If the Ingres release embedded in your product is not 2.6, \n   please get the appropriate update here. \n2. If the OS platform you are running Ingres on is not listed, \n   please contact Technical Support. \n3. For HP-UX platform with CA ARCserve Backup 11.1 or \n   11.5/GA/SP1/SP2/SP3, download the published ARCserve fix, \n   RO01277:\n   https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277\u0026os=HP\u0026actionID=3\n   and follow the enclosed instructions to install the security \n   patch. 
\n\n\nWorkaround: None\n\n\nReferences (URLs may wrap):\nCA Support:\nhttp://support.ca.com/\nSecurity Notice for CA Products That Embed Ingres\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989\nSolution Document Reference APARs:\nRO01277 (ARCserve only)\nCA Security Response Blog posting:\nCA Products That Embed Ingres Multiple Vulnerabilities\ncommunity.ca.com/blogs/casecurityresponseblog/archive/2008/08/06.aspx\nReported By: \niDefense Labs\nIngres Database for Linux verifydb Insecure File Permissions \n   Modification Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731\nIngres Database for Linux libbecompat Stack Based Buffer Overflow \n   Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732\nIngres Database for Linux ingvalidpw Untrusted Library Path \n   Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733\nIngres\nSecurity Vulnerability Announcement as of August 01, 2008\nhttp://www.ingres.com/support/security-alert-080108.php\nCVE References:\nCVE-2008-3356 - Ingres verifydb file create permission override. \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3356\nCVE-2008-3357 - Ingres un-secure directory privileges with utility \n   ingvalidpw. \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3357\nCVE-2008-3389 - Ingres verifydb, iimerge, csreport buffer overflow. \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3389\nOSVDB References: Pending\nhttp://osvdb.org/\n\n\nChangelog for this advisory:\nv1.0 - Initial Release\n\n\nCustomers who require additional information should contact CA\nTechnical Support at http://support.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your \nfindings to our product security response team. 
\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782\n\n\nRegards,\nKen Williams ; 0xE2941985\nDirector, CA Vulnerability Research\n\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2008 CA. All rights reserved. iDefense Security Advisory 08.01.08\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nAug 01, 2008\n\nI. BACKGROUND\n\nIngres Database is a database server used in several Computer\nAssociates\u0027 products. For example, CA Directory Service use thes Ingres\nDatabase server. More information can be found on the vendor\u0027s website\nat the following URL. \n\nhttp://ingres.com/downloads/prod-cert-download.php\n\nII. \n\nThe vulnerability exists within the \"ingvalidpw\" utility included with\nIngres database. This utility is used to verify a user\u0027s credentials,\nand is installed set-uid root. When loading shared libraries, the\n\"ingvalidpw\" program will load libraries from a directory owned by the\n\"ingres\" user. \n\nIII. By itself, this is not that\nserious of a vulnerability. \n\nIV. DETECTION\n\niDefense has confirmed the existence of this vulnerability in Ingres\n2006 Enterprise Edition Release 2 for Linux x86 (32-bit). Other\nversions may also be affected. \n\nV. WORKAROUND\n\niDefense is currently unaware of any workarounds for this issue. \n\nVI. VENDOR RESPONSE\n\n\"This problem has been identified and resolved by Ingres in the\nfollowing releases: Ingres 2006 release 2 (9.1.0), Ingres 2006 release\n1 (9.0.4), and Ingres 2.6.\"\n\nFor more information, refer to Ingres\u0027 advisory at the following URL. \n\nhttp://www.ingres.com/support/security-alert-080108.php\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2008-3357 to this issue. 
This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n07/20/2007  Initial vendor response\n07/23/2007  Initial vendor notification\n08/01/2008  Coordinated public disclosure\n\nIX. CREDIT\n\nThe discoverer of this vulnerability wishes to remain anonymous. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2008 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information. 
----------------------------------------------------------------------\n\nWant a new job?\n\nhttp://secunia.com/secunia_security_specialist/\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\nInternational Partner Manager - Project Sales in the IT-Security\nIndustry:\nhttp://corporate.secunia.com/about_secunia/64/\n\n----------------------------------------------------------------------\n\nTITLE:\nIngres Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA31357\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31357/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nPrivilege escalation\n\nWHERE:\nLocal system\n\nSOFTWARE:\nIngres 2.x\nhttp://secunia.com/product/14576/\nIngres 2006 (9.x)\nhttp://secunia.com/product/14574/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Ingres, which can be\nexploited by malicious, local users to gain escalated privileges. \n\n1) An error exists in the \"verifydb\" utility due to improperly\nchanging permissions on files and having the setuid-bit set (owned by\nthe \"ingres\" user). \n\n2) A boundary error exists within the \"libbecompat\" library that is\nused by several of the setuid \"ingres\" utilities. This can be\nexploited to cause a stack-based buffer overflow e.g. via a specially\ncrafted environmental variable. \n\nSOLUTION:\nThe vendor has issued fixes. Please see the knowledge base document\n(customer login required). \nhttp://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:416012+HTMPL=kt_document_view.htmpl\n\nPROVIDED AND/OR DISCOVERED BY:\nAn anonymous researcher, reported via iDefense. 
\n\nORIGINAL ADVISORY:\nIngres:\nhttp://www.ingres.com/support/security-alert-080108.php\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3357"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004682"
      },
      {
        "db": "BID",
        "id": "30512"
      },
      {
        "db": "PACKETSTORM",
        "id": "68897"
      },
      {
        "db": "PACKETSTORM",
        "id": "68872"
      },
      {
        "db": "PACKETSTORM",
        "id": "68786"
      },
      {
        "db": "PACKETSTORM",
        "id": "68816"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-3357",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "30512",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "31398",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "31357",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1020614",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2292",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2313",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004682",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-049",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "68897",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "68872",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "68786",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "68816",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "30512"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004682"
      },
      {
        "db": "PACKETSTORM",
        "id": "68897"
      },
      {
        "db": "PACKETSTORM",
        "id": "68872"
      },
      {
        "db": "PACKETSTORM",
        "id": "68786"
      },
      {
        "db": "PACKETSTORM",
        "id": "68816"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3357"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-049"
      }
    ]
  },
  "id": "VAR-200808-0319",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.12878788
  },
  "last_update_date": "2023-12-18T12:23:09.940000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "contentID=181989",
        "trust": 0.8,
        "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=181989"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004682"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-426",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004682"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3357"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.ingres.com/support/security-alert-080108.php"
      },
      {
        "trust": 2.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733"
      },
      {
        "trust": 2.1,
        "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=181989"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/31357"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/31398"
      },
      {
        "trust": 1.6,
        "url": "http://securitytracker.com/id?1020614"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/30512"
      },
      {
        "trust": 1.6,
        "url": "http://www.vupen.com/english/advisories/2008/2292"
      },
      {
        "trust": 1.6,
        "url": "http://www.vupen.com/english/advisories/2008/2313"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44181"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3357"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3357"
      },
      {
        "trust": 0.5,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
      },
      {
        "trust": 0.5,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingres.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/495177"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_specialist/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/31357/"
      },
      {
        "trust": 0.2,
        "url": "http://corporate.secunia.com/about_secunia/64/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3357"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7126/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14592/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5912/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14582/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/31398/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/19467/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7129/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14437/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5904/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14602/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/19468/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5582/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14596/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5905/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5584/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1684/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1683/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14589/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7120/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/19466/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7114/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/312/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://support.ca.com/irj/portal/anonymous/solndtls?aparno=ro01277\u0026os=hp\u0026actionid=3"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3356"
      },
      {
        "trust": 0.1,
        "url": "http://support.ca.com/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3389"
      },
      {
        "trust": 0.1,
        "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=177782"
      },
      {
        "trust": 0.1,
        "url": "http://support.ca.com."
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/privacy/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3356"
      },
      {
        "trust": 0.1,
        "url": "http://osvdb.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3389"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/legal/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/),"
      },
      {
        "trust": 0.1,
        "url": "http://ingres.com/downloads/prod-cert-download.php"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/methodology/vulnerability/vcp.php"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/"
      },
      {
        "trust": 0.1,
        "url": "http://servicedesk.ingres.com/caisd/pdmweb.ingres?op=show_detail+persid=kd:416012+htmpl=kt_document_view.htmpl"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14574/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14576/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "30512"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004682"
      },
      {
        "db": "PACKETSTORM",
        "id": "68897"
      },
      {
        "db": "PACKETSTORM",
        "id": "68872"
      },
      {
        "db": "PACKETSTORM",
        "id": "68786"
      },
      {
        "db": "PACKETSTORM",
        "id": "68816"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3357"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-049"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "30512"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004682"
      },
      {
        "db": "PACKETSTORM",
        "id": "68897"
      },
      {
        "db": "PACKETSTORM",
        "id": "68872"
      },
      {
        "db": "PACKETSTORM",
        "id": "68786"
      },
      {
        "db": "PACKETSTORM",
        "id": "68816"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3357"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-049"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-08-01T00:00:00",
        "db": "BID",
        "id": "30512"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-004682"
      },
      {
        "date": "2008-08-08T18:43:59",
        "db": "PACKETSTORM",
        "id": "68897"
      },
      {
        "date": "2008-08-06T21:42:18",
        "db": "PACKETSTORM",
        "id": "68872"
      },
      {
        "date": "2008-08-04T19:11:26",
        "db": "PACKETSTORM",
        "id": "68786"
      },
      {
        "date": "2008-08-04T23:14:27",
        "db": "PACKETSTORM",
        "id": "68816"
      },
      {
        "date": "2008-08-05T19:41:00",
        "db": "NVD",
        "id": "CVE-2008-3357"
      },
      {
        "date": "2008-08-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200808-049"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-08-06T20:26:00",
        "db": "BID",
        "id": "30512"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-004682"
      },
      {
        "date": "2020-09-28T15:14:01.477000",
        "db": "NVD",
        "id": "CVE-2008-3357"
      },
      {
        "date": "2020-09-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200808-049"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "30512"
      },
      {
        "db": "PACKETSTORM",
        "id": "68897"
      },
      {
        "db": "PACKETSTORM",
        "id": "68786"
      },
      {
        "db": "PACKETSTORM",
        "id": "68816"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-049"
      }
    ],
    "trust": 1.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Linux Such as above  Ingres of  ingvalidpw Vulnerability gained in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004682"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-049"
      }
    ],
    "trust": 0.6
  }
}

var-200808-0318
Vulnerability from variot

verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.

Ingres Database is prone to multiple local vulnerabilities:
- Multiple local privilege-escalation vulnerabilities
- A vulnerability that may allow attackers to overwrite arbitrary files.

Local attackers can exploit these issues to gain elevated privileges on the affected computer, execute arbitrary code with superuser privileges, and overwrite arbitrary files owned by 'Ingres' user.

iDefense Security Advisory 08.01.08
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 01, 2008

I. BACKGROUND

Ingres Database is a database server used in several Computer Associates' products. For example, CA Directory Service uses the Ingres Database server. More information can be found on the vendor's website at the following URL.

http://ingres.com/downloads/prod-cert-download.php

II.

The vulnerability exists within the "verifydb" utility included with Ingres. It is used to clean up unneeded files created in the database directory. This program has the set-uid bit set, and is owned by the "ingres" user.

The "verifydb" program improperly changes the permissions on files.
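The class of flaw described here is a path-based permission change that follows a symlink. The following added example (not code from Ingres or from the advisory) puts that pattern beside a hardened one that opens the log with O_NOFOLLOW, checks the opened object with fstat(), and changes the mode through the descriptor. The function names, the modes and the temporary-directory scenario are assumptions constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Path-based pattern: chmod() resolves symlinks, so the mode change lands
 * on whatever file the log name currently points to. */
int naive_log_chmod(const char *path, mode_t mode)
{
    return chmod(path, mode);
}

/* Hardened pattern (hypothetical helper, not Ingres code). Returns 0 on
 * success, -1 with errno set when the file is rejected. */
int secure_log_chmod(const char *path, uid_t owner, mode_t mode)
{
    struct stat st;
    int rc, saved;
    /* O_NOFOLLOW rejects a symlink in the last path component; O_NONBLOCK
     * keeps open() from blocking on a FIFO planted under that name. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;
    /* Check the object actually opened, not the name: it must be a regular
     * file with a single link, owned by the expected account. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != owner) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    /* fchmod() changes the inode that was just checked, so swapping the
     * path between check and use has no effect. */
    rc = fchmod(fd, mode);
    saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

/* Permission bits of the path itself (symlinks not followed); -1 on error. */
static int mode_of(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Create an empty file with an exact mode, independent of the umask. */
static int make_file(const char *path, mode_t mode)
{
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0) return -1;
    close(fd);
    return chmod(path, mode);
}

struct demo_result {
    int symlink_rc, hardlink_rc, victim_after_secure;
    int real_rc, real_mode, victim_after_naive;
};

/* Constructed scenario in a private temporary directory: an unrelated file
 * (0644), a symlink and a hard link to it under log-like names, and a
 * genuine log file (0600). All files belong to the calling user. */
struct demo_result run_demo(void)
{
    struct demo_result r = { -2, -2, -1, -2, -1, -1 };
    char dir[] = "/tmp/iivdb-demo-XXXXXX";
    char victim[64], symlog[64], hardlog[64], reallog[64];

    if (mkdtemp(dir) == NULL)
        return r;
    snprintf(victim, sizeof victim, "%s/victim.conf", dir);
    snprintf(symlog, sizeof symlog, "%s/iivdb.log", dir);
    snprintf(hardlog, sizeof hardlog, "%s/iivdb.log.hard", dir);
    snprintf(reallog, sizeof reallog, "%s/iivdb.log.real", dir);
    if (make_file(victim, 0644) == 0 && make_file(reallog, 0600) == 0 &&
        symlink(victim, symlog) == 0 && link(victim, hardlog) == 0) {
        r.symlink_rc = secure_log_chmod(symlog, geteuid(), 0666);
        r.hardlink_rc = secure_log_chmod(hardlog, geteuid(), 0666);
        r.victim_after_secure = mode_of(victim);      /* still 0644 */
        r.real_rc = secure_log_chmod(reallog, geteuid(), 0640);
        r.real_mode = mode_of(reallog);
        naive_log_chmod(symlog, 0666);                /* follows the symlink */
        r.victim_after_naive = mode_of(victim);
    }
    unlink(symlog); unlink(hardlog);
    unlink(reallog); unlink(victim);
    rmdir(dir);
    return r;
}

int main(void)
{
    struct demo_result r = run_demo();
    printf("secure: symlink rc=%d hardlink rc=%d victim=%o; naive: victim=%o\n", r.symlink_rc, r.hardlink_rc, r.victim_after_secure, r.victim_after_naive);
    return 0;
}
```

The hardened helper rejects both the symlink and the hard link and leaves the unrelated file at 0644, while the path-based call changes that file to 0666.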

III. By itself, this vulnerability does not have very serious consequences.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in Ingres 2006 Enterprise Edition Release 2 for Linux x86 (32-bit). Other versions may also be affected.

V. WORKAROUND

iDefense is currently unaware of any workaround for this issue.

VI. VENDOR RESPONSE

"This problem has been identified and resolved by Ingres in the following releases: Ingres 2006 release 2 (9.1.0), Ingres 2006 release 1 (9.0.4), and Ingres 2.6."

For more information, refer to Ingres' advisory at the following URL.

http://www.ingres.com/support/security-alert-080108.php

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-3356 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

07/20/2007  Initial vendor response
07/23/2007  Initial vendor notification
08/01/2008  Coordinated public disclosure

IX. CREDIT

The discoverer of this vulnerability wishes to remain anonymous.

Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events http://labs.idefense.com/

X. LEGAL NOTICES

Copyright © 2008 iDefense, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Title: CA Products That Embed Ingres Multiple Vulnerabilities

CA Advisory Date: 2008-08-01

Reported By: iDefense Labs

Impact: A remote attacker can execute arbitrary code, gain privileges, or cause a denial of service condition.

Summary: CA products that embed Ingres contain multiple vulnerabilities that can allow a remote attacker to execute arbitrary code, gain privileges, or cause a denial of service condition. These vulnerabilities exist in the products and on the platforms listed below. These vulnerabilities do not impact any Windows-based Ingres installation. The first vulnerability, CVE-2008-3356, allows an unauthenticated attacker to potentially set the user and/or group ownership of a verifydb log file to be Ingres allowing read/write permissions to both. The third vulnerability, CVE-2008-3389, allows an unauthenticated attacker to obtain ingres user privileges. However, when combined with the unsecured directory privileges vulnerability (CVE-2008-3357), root privileges can be obtained.

Mitigating Factors: These vulnerabilities do not impact any Windows-based Ingres installation.

Severity: CA has given these vulnerabilities a High risk rating.

Affected Products:
Admin r8.1 SP2
Advantage Data Transformer r2.2
Allfusion Harvest Change Manager r7.1
CA ARCserve Backup for Unix r11.1, r11.5 GA/SP1/SP2/SP3
CA ARCserve Backup for Linux r11.1, r11.5 GA/SP1/SP2/SP3
CA Directory r8.1
CA Job Management Option R11.0
CA Single Sign-On r8.1
CleverPath Aion BPM r10.1, r10.2
EEM 8.1, 8.2, 8.2.1
eTrust Audit/SCC 8.0 sp2
Identity Manager r12
NSM 3.0 0305, 3.1 0403, r3.1 SP1 0703, r11
Unicenter Asset Management r11.1, r11.2
Unicenter Remote Control r11.2
Unicenter Service Catalog r2.2, r11.1
Unicenter Service Metric Analysis r11.1
Unicenter ServicePlus Service Desk 6.0, r11, r11.1, r11.2
Unicenter Software Delivery r11.1, r11.2
Unicenter Workload Control Center r11

Affected Platforms:
1. Ingres verifydb file create permission override (CVE-2008-3356)
   This vulnerability impacts all platforms except Windows.
2. Ingres un-secure directory privileges with utility ingvalidpw (CVE-2008-3357)
   This vulnerability impacts only Linux and HP platforms.
3. Ingres verifydb, iimerge, csreport buffer overflow (CVE-2008-3389)
   This vulnerability impacts only Linux and HP platforms.

Status and Recommendation: The most prudent course of action for affected customers is to download and apply the corrective maintenance. However, updates are provided only for the following releases: 2.6 and r3.

Important: Customers using products that embed an earlier version of Ingres r3 should upgrade Ingres to the release that is currently supported (3.0.3/103 on Linux and 3.0.3/211 on UNIX platforms) before applying the maintenance updates. Please contact your product's Technical Support team for more information.

For these products:
Admin r8.1 SP2
CA ARCserve Backup for Linux r11.5 SP2/SP3
CA Directory r8.1
CA Job Management Option R11.0
CA Single Sign-On r8.1
EEM 8.2
EEM 8.2.1
Identity Manager r12
NSM r11
Unicenter Asset Management r11.1
Unicenter Asset Management r11.2
Unicenter Remote Control r11.2
Unicenter Service Catalog r11.1
Unicenter Service Metric Analysis r11.1
Unicenter ServicePlus Service Desk r11
Unicenter ServicePlus Service Desk r11.1
Unicenter ServicePlus Service Desk r11.2
Unicenter Software Delivery r11.1
Unicenter Software Delivery r11.2
Unicenter Workload Control Center r11

Apply the update below that is listed for your platform (note that URLs may wrap):

AIX [3.0.3 (r64.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12833-r64-us5.tar.z

HP-UX Itanium [3.0.3 (i64.hpu/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12831-i64-hpu.tar.z

HP-UX RISC [3.0.3 (hp2.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12830-hp2-us5.tar.z

Linux AMD [3.0.3 (a64.lnx/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12835-a64-lnx.tar.z

Linux Intel 32bit [3.0.3 (int.lnx/103)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.103.12836-int-lnx.tar.z

Linux Itanium [3.0.3 (i64.lnx/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12838-i64-lnx.tar.z

Solaris SPARC [3.0.3 (su9.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12834-su9-us5.tar.z

Solaris x64/x86 [3.0.3 (a64.sol/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12832-a64-sol.tar.z

Ingres r3 Vulnerability Updates Install Steps (August 1, 2008)

Unix/Linux:
1. Log on to your system using the installation owner account and make sure the environment is set up correctly:
   1. II_SYSTEM must be set to the Ingres system files
   2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility directories.
2. Change directory to the root directory of the Ingres installation or use a previously created directory.
       cd $II_SYSTEM/ingres or cd
3. Copy the downloaded maintenance update file into the current directory and uncompress it.
4. Read in the update file with the following commands:
       umask 022
       tar xf [update_file]
   This will create the directory: $II_SYSTEM/ingres/patchXXXXX or /patchXXXXX
   Note: 'XXXXX' in patchXXXXX refers to the update number.
5. Stop all Ingres processes with the 'ingstop' utility:
       ingstop
6. Change directory to the patch directory:
       cd patchXXXXX
7. Within the patch directory run the following command:
       ./utility/iiinstaller
   Please check the $II_SYSTEM/ingres/files/patch.log file to make sure the patch was applied successfully. Also check the $II_SYSTEM/ingres/version.rel to make sure the patch is referenced.
   Note: The patch can also be installed silently using the '-m' flag with iiinstaller:
       ./utility/iiinstaller -m
8. Once the patch install is complete, re-link the iimerge binary with the following command:
       iilink
9. Ingres can then be restarted with the 'ingstart' utility:
       ingstart

For these products:
Advantage Data Transformer r2.2
Allfusion Harvest Change Manager r7.1
ARCserve for Linux r11.5 GA/SP1
CleverPath Aion BPM r10.1
CleverPath Aion BPM r10.2

Apply the build below that is listed for your platform (note that URLs may wrap):

AIX ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12833-r64-us5.tar

HP-UX Itanium ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12831-i64-hpu.tar

HP-UX RISC ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12830-hp2-us5.tar

Linux AMD EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-x86_64.tar.gz

Linux AMD II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-x86_64.tgz

Linux Intel EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-EI-linux-i386.tgz

Linux Intel II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-pc-linux-i386.tgz

Linux Itanium EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-ia64.tar.gz

Linux Itanium II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-ia64.tgz

Solaris SPARC ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12834-su9-us5.tar

Solaris x64/x86 ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12832-a64-sol.tar

Ingres r3 Build Install Steps (August 1, 2008)

Important: Prior to installing the build, a full operating system backup of the $II_SYSTEM/ingres directory on Unix/Linux and %II_SYSTEM%\ingres directory on Windows must be taken with Ingres completely shut down. Also, a backup of any other DATA locations that you may have must be taken, again with Ingres shut down. In case there is a problem with the update install, this allows Ingres to be restored from the backup.

Unix:
1. Log in to the system as the installation owner and make sure the environment is set up correctly:
   1. II_SYSTEM must be set to the Ingres home directory
   2. PATH must include $II_SYSTEM/ingres/bin and $II_SYSTEM/ingres/utility directories
   3. Add $II_SYSTEM/ingres/lib to the shared library path
   4. Set TERM to 'vt100' and TERM_INGRES to 'vt100fx'
2. Copy the downloaded update file to the /tmp directory and uncompress
3. Read in the update file with the following commands:
   umask 022
   tar xf [update_file]
   This creates a directory containing the distribution and other files.
4. Stop all applications that may be connected to or using any of the files in the Ingres instance.
5. Stop all Ingres processes with the 'ingstop' utility:
   ingstop
6. Important: Take an operating system backup of the $II_SYSTEM/ingres directory and other DATA locations that you may have elsewhere. Also, copy the $II_SYSTEM/ingres/files/config.dat and $II_SYSTEM/ingres/files/symbol.tbl files to a safe location to ensure that the configuration can be restored.
7. From the root directory of the Ingres installation ($II_SYSTEM/ingres), run the following command:
   tar xf /tmp//ingres.tar install
8. Run the following command:
   install/ingbuild
9. The initial install screen appears.
10. In the Distribution medium enter the full path to the 'ingres.tar' file (including the file) (See step 4).
11. Choose PackageInstall from the list of installation options and then choose 'Stand alone DBMS Server' from the list of packages. Then choose ExpressInstall.
12. Choose Yes in the pop-up screen and press Enter key. The install utility verifies that each component was transferred properly from the distribution medium. When this is finished (without errors), another pop-up screen for setting up the components comes up.
13. Select Yes and press Enter key to go to the Setup program.
14. Once the installation is complete, check the $II_SYSTEM/ingres/files/install.log for any errors. Also, check the $II_SYSTEM/ingres/version.rel file to verify the new build is referenced; this should show 3.0.3 for the build.
15. If there are no errors, then restore the $II_SYSTEM/ingres/files/config.dat and $II_SYSTEM/ingres/files/symbol.tbl files from the copies made in step 6 to replace the existing files.
16. Start Ingres using the 'ingstart' utility:
    ingstart
17. Upgrade the databases in the installation to the new release level:
    upgradedb -all

Linux:
1. Log on to the machine as 'root'.
2. Copy the downloaded build update file to a previously chosen directory and uncompress.
3. Read in the update file with the following command:
   tar xf [update file]
   This creates a directory containing rpm packages for all of the Ingres tools.
4. Shut down any non-Ingres application(s) that may be connected to or using any of the files in the specified Ingres instance.
5. Stop all Ingres processes with the 'ingstop' utility:
   ingstop
6. Important: Take an operating system backup of the $II_SYSTEM/ingres directory and other DATA locations that you may have elsewhere.
7. From the directory that was created in step 3, install the update rpms with the following command:
   rpm -Uvh *.rpm
   If the following error is seen for either the 'ca-ingres-documentation-3.0.3-103', the 'ca-ingres-CATOSL-3.0.3-103' or the 'ca-cs-utils-11.0.04348-0000' (or all of them) packages, remove them from the directory containing the rpms and re-run the above command:
   package is already installed
8. If the installation finishes successfully, then log on as 'ingres' to the machine and start Ingres using the 'ingstart' utility:
   ingstart
9. Upgrade 'mdb' database with the following command:
   upgradedb -all

For these products:
CA ARCserve Backup for Unix r11.1
CA ARCserve Backup for Unix r11.5 GA/SP1/SP2
CA ARCserve Backup for Unix r11.5 SP3
CA ARCserve Backup for Linux r11.1
EEM 8.1
eTrust Audit/SCC 8.0 sp2
NSM 3.0 0305
NSM 3.1 0403
NSM r3.1 SP1 0703
Unicenter Service Catalog r2.2
Unicenter ServicePlus Service Desk 6.0

Apply the update below that is listed for your platform (note that URLs may wrap):

AIX 32bit [2.6/xxxx (rs4.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12718.tar.Z

AIX 64bit [2.6/xxxx (r64.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12798.tar.Z

HP-UX with ARCserve 11.1 or 11.5/GA/SP1/SP2/SP3 https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277&os=HP&actionID=3

HP-UX Itanium [2.6/xxxx (i64.hpu/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12748.tar.Z

HP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12742.tar.Z

HP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12888.tar.Z

HP-UX RISC 64bit [2.6/xxxx (hp2.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12749.tar.Z

HP Tru64 UNIX [2.6/xxxx (axp.osf/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12676.tar.Z

Linux AMD64 [2.6/xxxx (a64.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12809.tar.Z

Linux Intel 32bit [2.6/xxxx (int.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12645.tar.Z

Linux Intel 32bit [2.6/xxxx (int.lnx/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12647.tar.Z

Linux Intel 32bit [2.6/xxxx (int.lnx/00)LFS] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12646.tar.Z

Linux Itanium [2.6/xxxx (i64.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12648.tar.Z

Linux S/390 [2.6/xxxx (ibm.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12877.tar.Z

Solaris SPARC 32bit [2.6/xxxx (su4.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12713.tar.Z

Solaris SPARC 32bit double [2.6/xxxx (su4.us5/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12879.tar.Z

Solaris SPARC 64bit [2.6/xxxx (su9.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12751.tar.Z

Ingres 2.6 Vulnerability Updates Install Steps (August 1, 2008)

Unix/Linux:
1. Log on to your system using the installation owner account and make sure the environment is set up correctly:
   1. II_SYSTEM must be set to the Ingres system files
   2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility directories.
2. Change directory to the root directory of the Ingres installation or use a previously created directory.
   cd $II_SYSTEM/ingres
   or
   cd
3. Copy the downloaded maintenance update file into the current directory and uncompress
4. Read in the update file with the following commands:
   umask 022
   tar xf [update_file]
   This will create the directory: $II_SYSTEM/ingres/patchXXXXX or /patchXXXXX
   Note: 'XXXXX' in patchXXXXX refers to the update number
5. Stop all Ingres processes with the 'ingstop' utility:
   ingstop
6. Change directory to the patch directory:
   cd patchXXXXX
7. Within the patch directory run the following command:
   ./utility/iiinstaller
   Please check the $II_SYSTEM/ingres/files/patch.log file to make sure the patch was applied successfully. Also check the $II_SYSTEM/ingres/version.rel to make sure the patch is referenced.
   Note: The patch can also be installed silently using the '-m' flag with iiinstaller:
   ./utility/iiinstaller -m
8. Once the patch install has been completed, re-link the iimerge binary with the following command:
   iilink
9. Ingres can then be restarted with the 'ingstart' utility:
   ingstart

How to determine if you are affected:

For these products:
Admin r8.1 SP2
ARCserve for Linux r11.5 SP2/SP3
CA Directory r8.1
CA Job Management Option R11.0
CA Single Sign-On r8.1
EEM 8.2
EEM 8.2.1
Identity Manager r12
NSM r11
Unicenter Asset Management r11.1
Unicenter Asset Management r11.2
Unicenter Remote Control r11.2
Unicenter Service Catalog r11.1
Unicenter Service Metric Analysis r11.1
Unicenter ServicePlus Service Desk r11
Unicenter ServicePlus Service Desk r11.1
Unicenter ServicePlus Service Desk r11.2
Unicenter Software Delivery r11.1
Unicenter Software Delivery r11.2
Unicenter Workload Control Center r11

The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel: UNIX or Linux: cat version.rel

The release identifier will be as follows:

Operating System           Release identifier
HP Sparc 32/64bit          II 3.0.3 (hp2.us5/211)
HP Itanium                 II 3.0.3 (i64.hpu/211)
Intel Solaris 32/64bit     II 3.0.3 (a64.sol/211)
AIX 32/64bit               II 3.0.3 (r64.us5/211)
Solaris 32/64bit           II 3.0.3 (su9.us5/211)
AMD Linux                  II 3.0.3 (a64.lnx/211)
Intel Linux                II 3.0.3 (int.lnx/103)
Itanium Linux              II 3.0.3 (i64.lnx/211)

Notes:
1. You would need to install the Ingres build instead of the patch if either of the following is true:
   1. If the Ingres release for your platform is not 3.0.3 in the release identifier or
   2. The Ingres release is 3.0.3 but the build level is not 103 for Linux and 211 for all the Unix platforms.
   If either of the above is true then download and apply the latest build for your operating system(s).
2. If the OS platform you are running Ingres on is not listed, please contact Technical Support.

For these products:
Advantage Data Transformer r2.2
Allfusion Harvest Change Manager r7.1
ARCserve for Linux r11.5 GA/SP1
CleverPath Aion BPM r10.1
CleverPath Aion BPM r10.2

The maintenance updates are provided for the latest r3 builds supported by CA which are 3.0.3/103 (Linux) and 3.03/211 (UNIX platforms). If the build embedded is earlier than 3.0.3, it has to be upgraded to 3.0.3 to fix the vulnerabilities.

The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel: UNIX or Linux: cat version.rel

The release identifier will be as follows:

Operating System           Release identifier
HP Sparc 32/64bit          II 3.0.3 (hp2.us5/211)
HP Itanium                 II 3.0.3 (i64.hpu/211)
Intel Solaris 32/64bit     II 3.0.3 (a64.sol/211)
AIX 32/64bit               II 3.0.3 (r64.us5/211)
Solaris 32/64bit           II 3.0.3 (su9.us5/211)
AMD Linux                  II 3.0.3 (a64.lnx/211)
Intel Linux                II 3.0.3 (int.lnx/103)
Itanium Linux              II 3.0.3 (i64.lnx/211)

Important: For Linux (AMD, Intel and Itanium) platforms, after applying the build provided on this page, please download and apply the maintenance update. For the other platforms, the builds are patched to the latest maintenance update.

Note:
1. If the release you are using is already 3.0.3 build 103 on Linux and 3.0.3 build 211 on Unix, then download and install the maintenance update.
2. If the OS platform you are running Ingres on is not listed, please contact Technical Support.

For these products:
CA ARCserve Backup for Unix r11.1
CA ARCserve Backup for Unix r11.5 GA/SP1/SP2
CA ARCserve Backup for Unix r11.5 SP3
CA ARCserve Backup for Linux r11.1
EEM 8.1
eTrust Audit/SCC 8.0 sp2
NSM 3.0 0305
NSM 3.1 0403
NSM r3.1 SP1 0703
Unicenter Service Catalog r2.2
Unicenter ServicePlus Service Desk 6.0

The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel: UNIX or Linux: cat version.rel

The release identifier will be as follows:

Operating System               Release identifier
AIX 32bit                      II 2.6/xxxx (rs4.us5/00)
AIX 64bit                      II 2.6/xxxx (r64.us5/00)
HP-UX Itanium                  II 2.6/xxxx (i64.hpu/00)
HP-UX RISC 32bit               II 2.6/xxxx (hpb.us5/00)
HP-UX RISC 32bit               II 2.6/xxxx (hpb.us5/00)DBL
HP-UX RISC 64bit               II 2.6/xxxx (hp2.us5/00)
HP Tru64 UNIX                  II 2.6/xxxx (axp.osf/00)
Linux AMD64                    II 2.6/xxxx (a64.lnx/00)
Linux Intel 32bit              II 2.6/xxxx (int.lnx/00)
Linux Intel 32bit              II 2.6/xxxx (int.lnx/00)DBL
Linux Intel 32bit              II 2.6/xxxx (int.lnx/00)LFS
Linux Itanium                  II 2.6/xxxx (i64.lnx/00)
Linux S/390                    II 2.6/xxxx (ibm.lnx/00)
Solaris SPARC 32bit            II 2.6/xxxx (su4.us5/00)
Solaris SPARC 32bit double     II 2.6/xxxx (su4.us5/00)DBL
Solaris SPARC 64bit            II 2.6/xxxx (su9.us5/00)

Note:
1. If the Ingres release embedded in your product is not 2.6, please get the appropriate update here.
2. If the OS platform you are running Ingres on is not listed, please contact Technical Support.
3. For HP-UX platform with CA ARCserve Backup 11.1 or 11.5/GA/SP1/SP2/SP3, download the published ARCserve fix, RO01277:
   https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277&os=HP&actionID=3
   and follow the enclosed instructions to install the security patch.

Workaround: None

References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA Products That Embed Ingres
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989
Solution Document Reference APARs:
RO01277 (ARCserve only)
CA Security Response Blog posting:
CA Products That Embed Ingres Multiple Vulnerabilities
community.ca.com/blogs/casecurityresponseblog/archive/2008/08/06.aspx
Reported By:
iDefense Labs
Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731
Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732
Ingres Database for Linux ingvalidpw Untrusted Library Path Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733
Ingres Security Vulnerability Announcement as of August 01, 2008
http://www.ingres.com/support/security-alert-080108.php
CVE References:
CVE-2008-3356 - Ingres verifydb file create permission override.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3356
CVE-2008-3357 - Ingres un-secure directory privileges with utility ingvalidpw.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3357
CVE-2008-3389 - Ingres verifydb, iimerge, csreport buffer overflow.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3389
OSVDB References: Pending
http://osvdb.org/

Changelog for this advisory: v1.0 - Initial Release

Customers who require additional information should contact CA Technical Support at http://support.ca.com.

For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your findings to our product security response team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782

Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research

CA, 1 CA Plaza, Islandia, NY 11749

Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2008 CA. All rights reserved. ----------------------------------------------------------------------



TITLE: Ingres Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA31357

VERIFY ADVISORY: http://secunia.com/advisories/31357/

CRITICAL: Less critical

IMPACT: Privilege escalation

WHERE: Local system

SOFTWARE: Ingres 2.x http://secunia.com/product/14576/ Ingres 2006 (9.x) http://secunia.com/product/14574/

DESCRIPTION: Some vulnerabilities have been reported in Ingres, which can be exploited by malicious, local users to gain escalated privileges.

2) A boundary error exists within the "libbecompat" library that is used by several of the setuid "ingres" utilities. This can be exploited to cause a stack-based buffer overflow e.g. via a specially crafted environmental variable.

3) An error exists within the "ingvalidpw" utility due to being setuid "root" and loading shared libraries from a directory owned by the "ingres" user.

SOLUTION: The vendor has issued fixes. Please see the knowledge base document (customer login required). http://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:416012+HTMPL=kt_document_view.htmpl

PROVIDED AND/OR DISCOVERED BY: An anonymous researcher, reported via iDefense.

ORIGINAL ADVISORY: Ingres: http://www.ingres.com/support/security-alert-080108.php

iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733




{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200808-0318",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ingres",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "ingres",
        "version": "2.6"
      },
      {
        "model": "ingres",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ingres",
        "version": "2006"
      },
      {
        "model": "ingres",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ingres",
        "version": "2006 release 1"
      },
      {
        "model": "ingres",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ingres",
        "version": "and  2006 release 2"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingres",
        "version": "20069.1"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingres",
        "version": "20069.0.4"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingres",
        "version": "20060"
      },
      {
        "model": "associates unicenter software delivery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.2"
      },
      {
        "model": "associates unicenter software delivery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.0"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.2"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter service metric analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter service catalog",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.2"
      },
      {
        "model": "associates unicenter service catalog",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.2"
      },
      {
        "model": "associates unicenter asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.2"
      },
      {
        "model": "associates unicenter asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates single sign-on",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates nsm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "0"
      },
      {
        "model": "associates job management option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "12"
      },
      {
        "model": "associates etrust audit/scc sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "model": "associates eem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.2.1"
      },
      {
        "model": "associates eem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.2"
      },
      {
        "model": "associates eem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates directory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates cleverpath aion bpm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.2"
      },
      {
        "model": "associates cleverpath aion bpm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.1"
      },
      {
        "model": "associates ca arcserve backup for unix ga",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for unix sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for unix sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for unix ga",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for unix sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for unix sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for unix sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for linux sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for linux sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for linux sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for linux ga",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for linux sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for linux sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for linux sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup for linux ga",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates advantage data transformer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.2"
      },
      {
        "model": "associates admin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "30512"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004681"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3356"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-048"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ingres:ingres:2006:9.0.4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ingres:ingres:2006:release_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ingres:ingres:2006:release_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ingres:ingres:2006:9.0.1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3356"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "iDEFENSE",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-048"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-3356",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2008-3356",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-3356",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200808-048",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004681"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3356"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-048"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application\u0027s own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename. Ingres Database is prone to multiple local vulnerabilities:\n- Multiple local privilege-escalation vulnerabilities\n- A vulnerability that may allow attackers to overwrite arbitrary files. \nLocal attackers can exploit these issues to gain elevated privileges on the affected computer, execute arbitrary code with superuser privileges, and overwrite arbitrary files owned by \u0027Ingres\u0027 user. iDefense Security Advisory 08.01.08\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nAug 01, 2008\n\nI. BACKGROUND\n\nIngres Database is a database server used in several Computer\nAssociates\u0027 products. For example, CA Directory Service uses the Ingres\nDatabase server. More information can be found on the vendor\u0027s website\nat the following URL. \n\nhttp://ingres.com/downloads/prod-cert-download.php\n\nII. \n\nThe vulnerability exists within the \"verifydb\" utility included with\nIngres. It is used to cleanup unneeded files created in the database\ndirectory. This program has the set-uid bit set, and is owned by the\n\"ingres\" user. \n\nThe \"verifydb\" program improperly changes the permissions on files. \n\nIII. By itself, this\nvulnerability does not have very serious consequences. \n\nIV. DETECTION\n\niDefense has confirmed the existence of this vulnerability in Ingres\n2006 Enterprise Edition Release 2 for Linux x86 (32-bit). Other\nversions may also be affected. \n\nV. WORKAROUND\n\niDefense is currently unaware of any workaround for this issue. \n\nVI. 
VENDOR RESPONSE\n\n\"This problem has been identified and resolved by Ingres in the\nfollowing releases: Ingres 2006 release 2 (9.1.0), Ingres 2006 release\n1 (9.0.4), and Ingres 2.6.\"\n\nFor more information, refer to Ingres\u0027 advisory at the following URL. \n\nhttp://www.ingres.com/support/security-alert-080108.php\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2008-3356 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n07/20/2007  Initial vendor response\n07/23/2007  Initial vendor notification\n08/01/2008  Coordinated public disclosure\n\nIX. CREDIT\n\nThe discoverer of this vulnerability wishes to remain anonymous. \n\nX. LEGAL NOTICES\n\nCopyright \u00a9 2008 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information. 
\nTitle: CA Products That Embed Ingres Multiple Vulnerabilities\n\n\nCA Advisory Date: 2008-08-01\n\n\nReported By: iDefense Labs\n\n\nImpact: A remote attacker can execute arbitrary code, gain \nprivileges, or cause a denial of service condition. \n\n\nSummary: CA products that embed Ingres contain multiple \nvulnerabilities that can allow a remote attacker to execute \narbitrary code, gain privileges, or cause a denial of service \ncondition. These vulnerabilities exist in the products and on the \nplatforms listed below. These vulnerabilities do not impact any \nWindows-based Ingres installation. The first vulnerability, \nCVE-2008-3356, allows an unauthenticated attacker to potentially \nset the user and/or group ownership of a verifydb log file to be \nIngres allowing read/write permissions to both. The third \nvulnerability, CVE-2008-3389, allows an unauthenticated attacker \nto obtain ingres user privileges. However, when combined with the \nunsecured directory privileges vulnerability (CVE-2008-3357), root \nprivileges can be obtained. \n\n\nMitigating Factors: These vulnerabilities do not impact any \nWindows-based Ingres installation. \n\n\nSeverity: CA has given these vulnerabilities a High risk rating. 
\n\n\nAffected Products:\nAdmin r8.1 SP2\nAdvantage Data Transformer r2.2\nAllfusion Harvest Change Manager r7.1\nCA ARCserve Backup for Unix r11.1, r11.5 GA/SP1/SP2/SP3\nCA ARCserve Backup for Linux r11.1, r11.5 GA/SP1/SP2/SP3\nCA Directory r8.1\nCA Job Management Option R11.0\nCA Single Sign-On r8.1\nCleverPath Aion BPM r10.1, r10.2\nEEM 8.1, 8.2, 8.2.1\neTrust Audit/SCC 8.0 sp2\nIdentity Manager r12\nNSM 3.0 0305, 3.1 0403, r3.1 SP1 0703, r11\nUnicenter Asset Management r11.1, r11.2\nUnicenter Remote Control r11.2\nUnicenter Service Catalog r2.2, r11.1\nUnicenter Service Metric Analysis r11.1\nUnicenter ServicePlus Service Desk 6.0, r11, r11.1, r11.2\nUnicenter Software Delivery r11.1, r11.2\nUnicenter Workload Control Center r11\n\n\nAffected Platforms:\n1. Ingres verifydb file create permission override (CVE-2008-3356)\n   This vulnerability impacts all platforms except Windows. \n2. Ingres un-secure directory privileges with utility ingvalidpw \n   (CVE-2008-3357)\n   This vulnerability impacts only Linux and HP platforms. \n3. Ingres verifydb, iimerge, csreport buffer overflow \n   (CVE-2008-3389)\n   This vulnerability impacts only Linux and HP platforms. \n\n\nStatus and Recommendation:\nThe most prudent course of action for affected customers is to \ndownload and apply the corrective maintenance. However, updates \nare provided only for the following releases: 2.6 and r3\n\nImportant: Customers using products that embed an earlier version \nof Ingres r3 should upgrade Ingres to the release that is \ncurrently supported (3.0.3/103 on Linux and 3.0.3/211 on UNIX \nplatforms) before applying the maintenance updates. Please contact \nyour product\u0027s Technical Support team for more information. 
\n\nFor these products:\nAdmin r8.1 SP2\nCA ARCserve Backup for Linux r11.5 SP2/SP3\nCA Directory r8.1\nCA Job Management Option R11.0\nCA Single Sign-On r8.1\nEEM 8.2\nEEM 8.2.1\nIdentity Manager r12\nNSM r11\nUnicenter Asset Management r11.1\nUnicenter Asset Management r11.2\nUnicenter Remote Control r11.2\nUnicenter Service Catalog r11.1\nUnicenter Service Metric Analysis r11.1\nUnicenter ServicePlus Service Desk r11\nUnicenter ServicePlus Service Desk r11.1\nUnicenter ServicePlus Service Desk r11.2\nUnicenter Software Delivery r11.1\nUnicenter Software Delivery r11.2\nUnicenter Workload Control Center r11\n\nApply the update below that is listed for your platform (note that \nURLs may wrap):\n\nAIX [3.0.3 (r64.us5/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12833-r64-us5.tar.z\n\nHP-UX Itanium [3.0.3 (i64.hpu/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12831-i64-hpu.tar.z\n\nHP-UX RISC [3.0.3 (hp2.us5/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12830-hp2-us5.tar.z\n\nLinux AMD [3.0.3 (a64.lnx/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12835-a64-lnx.tar.z\n\nLinux Intel 32bit [3.0.3 (int.lnx/103)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.103.12836-int-lnx.tar.z\n\nLinux Itanium [3.0.3 (i64.lnx/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12838-i64-lnx.tar.z\n\nSolaris SPARC [3.0.3 (su9.us5/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12834-su9-us5.tar.z\n\nSolaris x64/x86 [3.0.3 (a64.sol/211)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12832-a64-sol.tar.z\n\nIngres r3 Vulnerability Updates Install Steps (August 1, 2008)\n\nUnix/Linux:\n1. 
Log on to your system using the installation owner account and \n   make sure the environment is set up correctly:\n      1. II_SYSTEM must be set to the Ingres system files\n      2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility \n         directories. \n2. Change directory to the root directory of the Ingres \n   installation or use a previously created directory. \n      cd $II_SYSTEM/ingres\n      or\n      cd \u003cpatch_directory\u003e\n3. Copy the download maintenance update file in to the current \n   directory and uncompress\n4. Read in the update file with the following commands:\n      umask 022\n      tar xf [update_file]\n      This will create the directory:\n      $II_SYSTEM/ingres/patchXXXXX\n      or\n      \u003cpatch_directory\u003e/patchXXXXX\n      Note: \u2018XXXXX\u0027 in patchXXXXX refers to the update number\n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n      ingstop\n6. Change directory to the patch directory:\n      cd patchXXXXX\n7. Within the patch directory run the following command:\n      ./utility/iiinstaller\n      Please check the $II_SYSTEM/ingres/files/patch.log file to \n      make sure the patch was applied successfully. Also check the \n      $II_SYSTEM/ingres/version.rel to make sure the patch is \n      referenced. \n      Note: The patch can also be installed silently using the \u2018-m\u0027 \n      flag with iiinstaller:\n      ./utility/iiinstaller -m\n8. Once the patch install has been complete, re-link the iimerge \n   binary with the following command:\n      iilink\n9. 
Ingres can then be restarted with the \u2018ingstart\u0027 utility:\n      ingstart\n\nFor these products:\nAdvantage Data Transformer r2.2\nAllfusion Harvest Change Manager r7.1\nARCserve for Linux r11.5 GA/SP1\nCleverPath Aion BPM r10.1\nCleverPath Aion BPM r10.2\n\nApply the build below that is listed for your platform (note that \nURLs may wrap):\n\nAIX\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12833-r64-us5.tar\n\nHP-UX Itanium\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12831-i64-hpu.tar\n\nHP-UX RISC\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12830-hp2-us5.tar\n\nLinux AMD EI build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-x86_64.tar.gz\n\nLinux AMD II build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-x86_64.tgz\n\nLinux Intel EI build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-EI-linux-i386.tgz\n\nLinux Intel II build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-pc-linux-i386.tgz\n\nLinux Itanium EI build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-ia64.tar.gz\n\nLinux Itanium II build\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-ia64.tgz\n\nSolaris SPARC\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12834-su9-us5.tar\n\nSolaris x64/x86\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12832-a64-sol.tar\n\nIngres r3 Build Install Steps (August 1, 2008)\n\nImportant: Prior to installing the build, a full operating system \nbackup of the $II_SYSTEM/ingres directory on Unix/Linux and \n%II_SYSTEM%\\ingres directory on Windows must be taken with Ingres \ncompletely shut down. 
Also, a backup of any other DATA locations \nthat you may have must be taken, again with Ingres shut down. In \ncase there is a problem with the update install, this allows \nIngres to be restored from the backup. \n\nUnix:\n1. Log in to the system as the installation owner and make sure \n   the environment is set up correctly:\n      1. II_SYSTEM must be set to the Ingres home directory\n      2. PATH must include $II_SYSTEM/ingres/bin and \n         $II_SYSTEM/ingres/utility directories\n      3. Add $II_SYSTEM/ingres/lib to the shared library path\n      4. Set TERM to \u2018vt100\u0027 and TERM_INGRES to \u2018vt100fx\u0027\n2. Copy the downloaded update file to the /tmp directory and \n   uncompress\n3. Read in the update file with the following commands:\n      umask 022\n      tar xf [update_file]\n      This creates a directory containing the distribution and \n      other files. \n4. Stop all applications that may be connected to or using any of \n   the files in the Ingres instance. \n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n      ingstop\n6. Important: Take an operating system backup of the \n   $II_SYSTEM/ingres directory and other DATA locations that you \n   may have elsewhere. Also, copy the \n   $II_SYSTEM/ingres/files/config.dat and \n   $II_SYSTEM/ingres/files/symbol.tbl files to a safe location to \n   ensure that the configuration can be restored. \n7. From the root directory of the Ingres installation \n   ($II_SYSTEM/ingres), run the following command:\n      tar xf /tmp/\u003cupdate_directory\u003e/ingres.tar install\n8. Run the following command:\n      install/ingbuild\n9. The initial install screen appears. \n10. In the Distribution medium enter the full path to the \n    \u2018ingres.tar\u0027 file (including the file) (See step 4). \n11. Choose PackageInstall from the list of installation options \n    and then choose \u2018Stand alone DBMS Server\u0027 from the list of \n    packages. 
Then choose ExpressInstall. \n12. Choose Yes in the pop-up screen and press Enter key. \n      The install utility verifies that each component was \n      transferred properly from the distribution medium. When this \n      is finished (without errors), another pop-up screen for \n      setting up the components comes up. \n13. Select Yes and press Enter key to go to the Setup program. \n14. Once the installation is complete, check the \n    $II_SYSTEM/ingres/files/install.log for any errors. Also, \n    check the $II_SYSTEM/ingres/version.rel file to verify the new \n    build is referenced; this should show 3.0.3 for the build. \n15. If there are no errors, then restore the \n    $II_SYSTEM/ingres/files/config.dat and \n    $II_SYSTEM/ingres/files/symbol.tbl files from the copies made \n    in step 6 to replace the existing files. \n16. Start Ingres using the \u2018ingstart\u0027 utility:\n      ingstart\n17. Upgrade the databases in the installation to the new release \n    level:\n      upgradedb -all\n\nLinux:\n1. Log on to the machine as \u2018root\u0027. \n2. Copy the downloaded build update file and to a previously \n   chosen directory and uncompress. \n3. Read in the update file with the following command:\n      tar xf [update file]\n      This creates a directory containing rpm packages for all of \n   the Ingres tools. \n4. Shut down any non-Ingres application(s) that may be connected \n   to or using any of the files in the specified Ingres instance. \n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n      ingstop\n6. Important: Take an operating system backup of the \n   $II_SYSTEM/ingres directory and other DATA locations that you \n   may have elsewhere. \n7. 
From the directory that was created in step 3, install the \n   update rpms with the following command:\n      rpm -Uvh *.rpm\n      If the following error is seen for either the \n      \u2018ca-ingres-documentation-3.0.3-103\u0027, the \n      \u2018ca-ingres-CATOSL-3.0.3-103\u0027 or the \n      \u2018ca-cs-utils-11.0.04348-0000\u0027 (or all of them) packages,\n      remove them from the directory containing the rpms and \n      re-run the above command:\n      package \u003cpackage-name\u003e is already installed\n8. If the installation finishes successfully, then log on as \n   \u2018ingres\u0027 to the machine and start Ingres using the \u2018ingstart\u0027 \n   utility:\n      ingstart\n9. Upgrade \u2018mdb\u0027 database with the following command:\n      upgradedb -all\n\nFor these products:\nCA ARCserve Backup for Unix r11.1\nCA ARCserve Backup for Unix r11.5 GA/SP1/SP2\nCA ARCserve Backup for Unix r11.5 SP3\nCA ARCserve Backup for Linux r11.1\nEEM 8.1\neTrust Audit/SCC 8.0 sp2\nNSM 3.0 0305\nNSM 3.1 0403\nNSM r3.1 SP1 0703\nUnicenter Service Catalog r2.2\nUnicenter ServicePlus Service Desk 6.0\n\nApply the update below that is listed for your platform (note that \nURLs may wrap):\n\nAIX 32bit [2.6/xxxx (rs4.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12718.tar.Z\n\nAIX 64bit [2.6/xxxx (r64.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12798.tar.Z\n\nHP-UX with ARCserve 11.1 or 11.5/GA/SP1/SP2/SP3\nhttps://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277\u0026os=HP\u0026actionID=3\n\nHP-UX Itanium [2.6/xxxx (i64.hpu/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12748.tar.Z\n\nHP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12742.tar.Z\n\nHP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)DBL]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12888.tar.Z\n\nHP-UX RISC 64bit [2.6/xxxx 
(hp2.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12749.tar.Z\n\nHP Tru64 UNIX [2.6/xxxx (axp.osf/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12676.tar.Z\n\nLinux AMD64 [2.6/xxxx (a64.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12809.tar.Z\n\nLinux Intel 32bit [2.6/xxxx (int.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12645.tar.Z\n\nLinux Intel 32bit [2.6/xxxx (int.lnx/00)DBL]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12647.tar.Z\n\nLinux Intel 32bit [2.6/xxxx (int.lnx/00)LFS]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12646.tar.Z\n\nLinux Itanium [2.6/xxxx (i64.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12648.tar.Z\n\nLinux S/390 [2.6/xxxx (ibm.lnx/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12877.tar.Z\n\nSolaris SPARC 32bit [2.6/xxxx (su4.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12713.tar.Z\n\nSolaris SPARC 32bit double [2.6/xxxx (su4.us5/00)DBL]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12879.tar.Z\n\nSolaris SPARC 64bit [2.6/xxxx (su9.us5/00)]\nftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12751.tar.Z\n\nIngres 2.6 Vulnerability Updates Install Steps (August 1, 2008)\n\nUnix/Linux:\n1. Log on to your system using the installation owner account and \n   make sure the environment is set up correctly:\n      1. II_SYSTEM must be set to the Ingres system files\n      2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility \n         directories. \n2. Change directory to the root directory of the Ingres \n   installation or use a previously created directory. \n      cd $II_SYSTEM/ingres\n      or\n      cd \u003cpatch_directory\u003e\n3. Copy the download maintenance update file in to the current \n   directory and uncompress\n4. 
Read in the update file with the following commands:\n      umask 022\n      tar xf [update_file]\n      This will create the directory:\n      $II_SYSTEM/ingres/patchXXXXX\n      or\n      \u003cpatch_directory\u003e/patchXXXXX\n      Note: \u2018XXXXX\u0027 in patchXXXXX refers to the update number\n5. Stop all Ingres processes with the \u2018ingstop\u0027 utility:\n      ingstop\n6. Change directory to the patch directory:\n      cd patchXXXXX\n7. Within the patch directory run the following command:\n      ./utility/iiinstaller\n      Please check the $II_SYSTEM/ingres/files/patch.log file to \n      make sure the patch was applied successfully. Also check the \n      $II_SYSTEM/ingres/version.rel to make sure the patch is \n      referenced. \n      Note: The patch can also be installed silently using the \n      \u2018-m\u0027 flag with iiinstaller:\n      ./utility/iiinstaller -m\n8. Once the patch install has been complete, re-link the iimerge \n   binary with the following command:\n      iilink\n9. 
Ingres can then be restarted with the \u2018ingstart\u0027 utility:\n      ingstart\n\n\nHow to determine if you are affected:\n\nFor these products:\nAdmin r8.1 SP2\nARCserve for Linux r11.5 SP2/SP3\nCA Directory r8.1\nCA Job Management Option R11.0\nCA Single Sign-On r8.1\nEEM 8.2\nEEM 8.2.1\nIdentity Manager r12\nNSM r11\nUnicenter Asset Management r11.1\nUnicenter Asset Management r11.2\nUnicenter Remote Control r11.2\nUnicenter Service Catalog r11.1\nUnicenter Service Metric Analysis r11.1\nUnicenter ServicePlus Service Desk r11\nUnicenter ServicePlus Service Desk r11.1\nUnicenter ServicePlus Service Desk r11.2\nUnicenter Software Delivery r11.1\nUnicenter Software Delivery r11.2\nUnicenter Workload Control Center r11\n\nThe Ingres release information is maintained in \n%II_SYSTEM%\\ingres\\version.rel:\n    UNIX or Linux: cat version.rel\n\nThe release identifier will be as follows:\nOperating System        Release identifier\nHP Sparc 32/64bit       II 3.0.3 (hp2.us5/211)\nHP Itanium              II 3.0.3 (i64.hpu/211)\nIntel Solaris 32/64bit  II 3.0.3 (a64.sol/211)\nAIX 32/64bit            II 3.0.3 (r64.us5/211)\nSolaris 32/64bit        II 3.0.3 (su9.us5/211)\nAMD Linux               II 3.0.3 (a64.lnx/211)\nIntel Linux             II 3.0.3 (int.lnx/103)\nItanium Linux           II 3.0.3 (i64.lnx/211)\n\nNotes:\n1. You would need to install the Ingres build instead of the patch \n   if either of the following is true:\n      1. If the Ingres release for your platform is not 3.0.3 in \n      the release identifier\n      or\n      2. The Ingres release is 3.0.3 but the build level is not \n      103 for Linux and 211 for all the Unix platforms. \n      If either of the above is true then download and apply the \n      latest build for your operating system(s). \n2. If the OS platform you are running Ingres on is not listed, \n   please contact Technical Support. 
\n\nFor these products:\nAdvantage Data Transformer r2.2\nAllfusion Harvest Change Manager r7.1\nARCserve for Linux r11.5 GA/SP1\nCleverPath Aion BPM r10.1\nCleverPath Aion BPM r10.2\n\nThe maintenance updates are provided for the latest r3 builds \nsupported by CA which are 3.0.3/103 (Linux) and 3.03/211 (UNIX \nplatforms). If the build embedded is earlier than 3.0.3, it has \nto be upgraded to 3.0.3 to fix the vulnerabilities. \n\nThe Ingres release information is maintained in \n%II_SYSTEM%\\ingres\\version.rel:\n    UNIX or Linux: cat version.rel\n\nThe release identifier will be as follows:\nOperating System        Release identifier\nHP Sparc 32/64bit       II 3.0.3 (hp2.us5/211)\nHP Itanium              II 3.0.3 (i64.hpu/211)\nIntel Solaris 32/64bit  II 3.0.3 (a64.sol/211)\nAIX 32/64bit            II 3.0.3 (r64.us5/211)\nSolaris 32/64bit        II 3.0.3 (su9.us5/211)\nAMD Linux               II 3.0.3 (a64.lnx/211)\nIntel Linux             II 3.0.3 (int.lnx/103)\nItanium Linux           II 3.0.3 (i64.lnx/211)\n\nImportant:\nFor Linux (AMD, Intel and Itanium) platforms, after applying the \nbuild provided on this page, please download and apply the \nmaintenance update. For the other platforms, the builds are \npatched to the latest maintenance update. \nNote:\n1. If the release you are using is already 3.0.3 build 103 on \n   Linux and 3.0.3 build 211 on Unix, then download and install \n   the maintenance update. \n2. If the OS platform you are running Ingres on is not listed, \n   please contact Technical Support. 
\n\nFor these products:\nCA ARCserve Backup for Unix r11.1\nCA ARCserve Backup for Unix r11.5 GA/SP1/SP2\nCA ARCserve Backup for Unix r11.5 SP3\nCA ARCserve Backup for Linux r11.1\nEEM 8.1\neTrust Audit/SCC 8.0 sp2\nNSM 3.0 0305\nNSM 3.1 0403\nNSM r3.1 SP1 0703\nUnicenter Service Catalog r2.2\nUnicenter ServicePlus Service Desk 6.0\n\nThe Ingres release information is maintained in \n%II_SYSTEM%\\ingres\\version.rel:\n    UNIX or Linux: cat version.rel\n\nThe release identifier will be as follows:\nOperating System            Release identifier\nAIX 32bit                   II 2.6/xxxx (rs4.us5/00)\nAIX 64bit                   II 2.6/xxxx (r64.us5/00)\nHP-UX Itanium               II 2.6/xxxx (i64.hpu/00)\nHP-UX RISC 32bit            II 2.6/xxxx (hpb.us5/00)\nHP-UX RISC 32bit            II 2.6/xxxx (hpb.us5/00)DBL\nHP-UX RISC 64bit            II 2.6/xxxx (hp2.us5/00)\nHP Tru64 UNIX               II 2.6/xxxx (axp.osf/00)\nLinux AMD64                 II 2.6/xxxx (a64.lnx/00)\nLinux Intel 32bit           II 2.6/xxxx (int.lnx/00)\nLinux Intel 32bit           II 2.6/xxxx (int.lnx/00)DBL\nLinux Intel 32bit           II 2.6/xxxx (int.lnx/00)LFS\nLinux Itanium               II 2.6/xxxx (i64.lnx/00)\nLinux S/390                 II 2.6/xxxx (ibm.lnx/00)\nSolaris SPARC 32bit         II 2.6/xxxx (su4.us5/00)\nSolaris SPARC 32bit double  II 2.6/xxxx (su4.us5/00)DBL\nSolaris SPARC 64bit         II 2.6/xxxx (su9.us5/00)\n\nNote:\n1. If the Ingres release embedded in your product is not 2.6, \n   please get the appropriate update here. \n2. If the OS platform you are running Ingres on is not listed, \n   please contact Technical Support. \n3. For HP-UX platform with CA ARCserve Backup 11.1 or \n   11.5/GA/SP1/SP2/SP3, download the published ARCserve fix, \n   RO01277:\n   https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277\u0026os=HP\u0026actionID=3\n   and follow the enclosed instructions to install the security \n   patch. 
\n\n\nWorkaround: None\n\n\nReferences (URLs may wrap):\nCA Support:\nhttp://support.ca.com/\nSecurity Notice for CA Products That Embed Ingres\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989\nSolution Document Reference APARs:\nRO01277 (ARCserve only)\nCA Security Response Blog posting:\nCA Products That Embed Ingres Multiple Vulnerabilities\ncommunity.ca.com/blogs/casecurityresponseblog/archive/2008/08/06.aspx\nReported By: \niDefense Labs\nIngres Database for Linux verifydb Insecure File Permissions \n   Modification Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731\nIngres Database for Linux libbecompat Stack Based Buffer Overflow \n   Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732\nIngres Database for Linux ingvalidpw Untrusted Library Path \n   Vulnerability\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733\nIngres\nSecurity Vulnerability Announcement as of August 01, 2008\nhttp://www.ingres.com/support/security-alert-080108.php\nCVE References:\nCVE-2008-3356 - Ingres verifydb file create permission override. \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3356\nCVE-2008-3357 - Ingres un-secure directory privileges with utility \n   ingvalidpw. \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3357\nCVE-2008-3389 - Ingres verifydb, iimerge, csreport buffer overflow. \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3389\nOSVDB References: Pending\nhttp://osvdb.org/\n\n\nChangelog for this advisory:\nv1.0 - Initial Release\n\n\nCustomers who require additional information should contact CA\nTechnical Support at http://support.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your \nfindings to our product security response team. 
\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782\n\n\nRegards,\nKen Williams ; 0xE2941985\nDirector, CA Vulnerability Research\n\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2008 CA. All rights reserved. ----------------------------------------------------------------------\n\nTITLE:\nIngres Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA31357\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31357/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nPrivilege escalation\n\nWHERE:\nLocal system\n\nSOFTWARE:\nIngres 2.x\nhttp://secunia.com/product/14576/\nIngres 2006 (9.x)\nhttp://secunia.com/product/14574/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Ingres, which can be\nexploited by malicious, local users to gain escalated privileges. \n\n2) A boundary error exists within the \"libbecompat\" library that is\nused by several of the setuid \"ingres\" utilities. This can be\nexploited to cause a stack-based buffer overflow e.g. via a specially\ncrafted environmental variable. \n\n3) An error exists within the \"ingvalidpw\" utility due to being\nsetuid \"root\" and loading shared libraries from a directory owned by\nthe \"ingres\" user. \n\nSOLUTION:\nThe vendor has issued fixes. Please see the knowledge base document\n(customer login required). \nhttp://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:416012+HTMPL=kt_document_view.htmpl\n\nPROVIDED AND/OR DISCOVERED BY:\nAn anonymous researcher, reported via iDefense. 
\n\nORIGINAL ADVISORY:\nIngres:\nhttp://www.ingres.com/support/security-alert-080108.php\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3356"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004681"
      },
      {
        "db": "BID",
        "id": "30512"
      },
      {
        "db": "PACKETSTORM",
        "id": "68784"
      },
      {
        "db": "PACKETSTORM",
        "id": "68897"
      },
      {
        "db": "PACKETSTORM",
        "id": "68872"
      },
      {
        "db": "PACKETSTORM",
        "id": "68816"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-3356",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "30512",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "31398",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "31357",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1020613",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2292",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2313",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004681",
        "trust": 0.8
      },
      {
        "db": "IDEFENSE",
        "id": "20080801 INGRES DATABASE FOR LINUX VERIFYDB INSECURE FILE PERMISSIONS MODIFICATION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "44177",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20080806 CA PRODUCTS THAT EMBED INGRES MULTIPLE VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-048",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "68784",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "68897",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "68872",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "68816",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "30512"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004681"
      },
      {
        "db": "PACKETSTORM",
        "id": "68784"
      },
      {
        "db": "PACKETSTORM",
        "id": "68897"
      },
      {
        "db": "PACKETSTORM",
        "id": "68872"
      },
      {
        "db": "PACKETSTORM",
        "id": "68816"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3356"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-048"
      }
    ]
  },
  "id": "VAR-200808-0318",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.12878788
  },
  "last_update_date": "2023-12-18T12:23:09.987000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "contentID=181989",
        "trust": 0.8,
        "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=181989"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004681"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004681"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3356"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.ingres.com/support/security-alert-080108.php"
      },
      {
        "trust": 2.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/31357"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/31398"
      },
      {
        "trust": 1.6,
        "url": "http://securitytracker.com/id?1020613"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/30512"
      },
      {
        "trust": 1.5,
        "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=181989"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2292"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2008/2313"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44177"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3356"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3356"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/44177"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/495177/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/2313"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/2292"
      },
      {
        "trust": 0.5,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733"
      },
      {
        "trust": 0.5,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingres.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/495177"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3356"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_specialist/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/31357/"
      },
      {
        "trust": 0.2,
        "url": "http://corporate.secunia.com/about_secunia/64/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/),"
      },
      {
        "trust": 0.1,
        "url": "http://ingres.com/downloads/prod-cert-download.php"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/methodology/vulnerability/vcp.php"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7126/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14592/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5912/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14582/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/31398/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/19467/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7129/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14437/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5904/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14602/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/19468/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5582/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14596/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5905/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5584/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1684/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1683/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14589/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7120/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/19466/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7114/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/312/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3357"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://support.ca.com/irj/portal/anonymous/solndtls?aparno=ro01277\u0026os=hp\u0026actionid=3"
      },
      {
        "trust": 0.1,
        "url": "http://support.ca.com/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3389"
      },
      {
        "trust": 0.1,
        "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=177782"
      },
      {
        "trust": 0.1,
        "url": "http://support.ca.com."
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/privacy/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3357"
      },
      {
        "trust": 0.1,
        "url": "http://osvdb.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3389"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/legal/"
      },
      {
        "trust": 0.1,
        "url": "http://servicedesk.ingres.com/caisd/pdmweb.ingres?op=show_detail+persid=kd:416012+htmpl=kt_document_view.htmpl"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14574/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14576/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "30512"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004681"
      },
      {
        "db": "PACKETSTORM",
        "id": "68784"
      },
      {
        "db": "PACKETSTORM",
        "id": "68897"
      },
      {
        "db": "PACKETSTORM",
        "id": "68872"
      },
      {
        "db": "PACKETSTORM",
        "id": "68816"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3356"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-048"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "30512"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004681"
      },
      {
        "db": "PACKETSTORM",
        "id": "68784"
      },
      {
        "db": "PACKETSTORM",
        "id": "68897"
      },
      {
        "db": "PACKETSTORM",
        "id": "68872"
      },
      {
        "db": "PACKETSTORM",
        "id": "68816"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3356"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-048"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-08-01T00:00:00",
        "db": "BID",
        "id": "30512"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-004681"
      },
      {
        "date": "2008-08-04T19:09:54",
        "db": "PACKETSTORM",
        "id": "68784"
      },
      {
        "date": "2008-08-08T18:43:59",
        "db": "PACKETSTORM",
        "id": "68897"
      },
      {
        "date": "2008-08-06T21:42:18",
        "db": "PACKETSTORM",
        "id": "68872"
      },
      {
        "date": "2008-08-04T23:14:27",
        "db": "PACKETSTORM",
        "id": "68816"
      },
      {
        "date": "2008-08-05T19:41:00",
        "db": "NVD",
        "id": "CVE-2008-3356"
      },
      {
        "date": "2008-08-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200808-048"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-08-06T20:26:00",
        "db": "BID",
        "id": "30512"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-004681"
      },
      {
        "date": "2018-10-11T20:48:02.660000",
        "db": "NVD",
        "id": "CVE-2008-3356"
      },
      {
        "date": "2008-09-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200808-048"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "30512"
      },
      {
        "db": "PACKETSTORM",
        "id": "68784"
      },
      {
        "db": "PACKETSTORM",
        "id": "68897"
      },
      {
        "db": "PACKETSTORM",
        "id": "68816"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-048"
      }
    ],
    "trust": 1.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Linux Etc.  Ingres of  verifydb Vulnerable to overwriting arbitrary files",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004681"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200808-048"
      }
    ],
    "trust": 0.6
  }
}

var-200712-0115
Vulnerability from variot

Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges. Ingres is prone to an unauthorized-access security vulnerability because of a flaw in user authentication. Attackers can exploit this issue to gain unauthorized access to the affected database. Successful exploits can allow attackers to access, create, or modify data; other attacks are possible. This issue affects Ingres 2.5 and 2.6 when running on Windows. NOTE: This issue does not affect the Ingres .NET data provider.



TITLE: Ingres User Authentication Security Issue

SECUNIA ADVISORY ID: SA28187

VERIFY ADVISORY: http://secunia.com/advisories/28187/

CRITICAL: Less critical

IMPACT: Security Bypass

WHERE: From local network

SOFTWARE: Ingres 2.x http://secunia.com/product/14576/

DESCRIPTION: A security issue has been reported in Ingres, which potentially can be exploited by malicious users to bypass certain security restrictions. and 2.6 on Windows.

SOLUTION: Apply fixes (requires login): http://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:415703+HTMPL=kt_document_view.htmpl

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: Ingres: http://www.ingres.com/support/security-alertDec17.php



Title: [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability

CA Vuln ID (CAID): 35970

CA Advisory Date: 2007-12-19

Reported By: Ingres Corporation

Impact: Attacker can gain elevated privileges.

Summary: A potential vulnerability exists in the Ingres software that is embedded in various CA products. This vulnerability exists only on Ingres 2.5 and Ingres 2.6 on Windows, and does not manifest itself on any Unix platform. Ingres r3 and Ingres 2006 are not affected. In all reported instances, the application (typically an ASP.NET application using the Ingres ODBC driver) was running on Microsoft IIS Web server, and with the Integrated Windows Authentication (IWA) option enabled. While IWA is not enabled by default, it is a commonly used option.

Mitigating Factors: The vulnerability exists only on Windows systems running Microsoft IIS Web server that have the Integrated Windows Authentication (IWA) option enabled.

Severity: CA has given this vulnerability a High risk rating.

Affected Products: All CA products that embed Ingres 2.5 and Ingres 2.6, and also run Microsoft IIS Web server with the Integrated Windows Authentication (IWA) option enabled.

Affected Platforms: Windows

Status and Recommendation (URLs may wrap): Ingres has issued the following patches to address the vulnerabilities.

Ingres 2.6 Single-Byte patch
ftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.6.0701.12467-win-x86.zip

Ingres 2.6 Double-Byte patch
ftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.6.0701.12473-win-x86-DBL.zip

Ingres 2.5 Single Byte patch
ftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.5.0605.12291-win-x86.zip

Potential problems installing the patches: While testing these patches, CA identified an install issue when the user is presented with the option to make a backup of the Ingres installation. In cases where a space is in the path, the path is not properly read. The backup does get taken and is by default stored in the %II_SYSTEM%\ingres\install\backup directory. Additionally, if the user happens to press the "Set Directory" button, the path will be displayed. Clicking "ok" will result in a message stating "... spaces are not supported in paths... ". This also is an error; pressing cancel will return the user to the first screen with the default path, and while the displayed path is terminated at a space, the actual path does work. To avoid this issue, use DOS 8.3 definitions (ex. C:\progra~1\CA\ingres).

How to determine if you are affected: Check the %II_SYSTEM%\ingres\version.rel file to identify the Ingres version. If the installed version of Ingres 2.6 is a Double-Byte version (should have DBL referenced), please download the 2.6 Double-Byte patch. Otherwise, use the Single-Byte patch.

Workaround: None

References (URLs may wrap):

CA SupportConnect: http://supportconnect.ca.com/
Important Security Notice for Customers Using Products that Embed Ingres on Microsoft Windows ONLY: http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp
Solution Document Reference APARs: N/A
CA Security Response Blog posting: CA Products That Embed Ingres Authentication Vulnerability http://community.ca.com/blogs/casecurityresponseblog/archive/2007/12/19.aspx
CA Vuln ID (CAID): 35970 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35970
Reported By: Ingres Corporation http://ingres.com/support/security.php http://ingres.com/support/security-alertDec17.php
CVE References: CVE-2007-6334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6334
OSVDB References: 39358 http://osvdb.org/39358

Changelog for this advisory: v1.0 - Initial Release

Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx

Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research

CA, 1 CA Plaza, Islandia, NY 11749

Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2007 CA. All rights reserved.


TITLE: CA Products Ingres User Authentication Security Issue

SECUNIA ADVISORY ID: SA28183

VERIFY ADVISORY: http://secunia.com/advisories/28183/

CRITICAL: Less critical

IMPACT: Security Bypass

WHERE: From local network

SOFTWARE:
BrightStor ARCserve Backup 11.x http://secunia.com/product/312/
BrightStor ARCserve Backup 9.x http://secunia.com/product/313/
BrightStor Enterprise Backup 10.x http://secunia.com/product/314/
BrightStor Storage Command Center 11.x http://secunia.com/product/14581/
BrightStor Storage Resource Manager 11.x http://secunia.com/product/5909/
CA Advantage Data Transformer 2.x http://secunia.com/product/5904/
CA AllFusion Enterprise Workbench 1.x http://secunia.com/product/14579/
CA AllFusion Enterprise Workbench 7.x http://secunia.com/product/14580/
CA AllFusion Harvest Change Manager 7.x http://secunia.com/product/5905/
CA ARCserve Backup for Laptops & Desktops 11.x http://secunia.com/product/5906/
CA CleverPath Aion 10.x http://secunia.com/product/5582/
CA CleverPath Predictive Analysis Server 3.x http://secunia.com/product/5581/
CA Embedded Entitlements Manager 8.x http://secunia.com/product/14582/
CA eTrust Admin 8.x http://secunia.com/product/5584/
CA eTrust Audit 8.x http://secunia.com/product/5912/
CA Network Forensics 8.x http://secunia.com/product/14585/
CA Unicenter Advanced Systems Management 11.x http://secunia.com/product/14587/
CA Unicenter Asset Intelligence 11.x http://secunia.com/product/14588/
CA Unicenter Asset Management 11.x http://secunia.com/product/14589/
CA Unicenter Asset Portfolio Management 11.x http://secunia.com/product/7125/
CA Unicenter Database Command Center 11.x http://secunia.com/product/12928/
CA Unicenter Desktop and Server Management 11.x http://secunia.com/product/14590/
CA Unicenter Desktop Management Suite 11.x http://secunia.com/product/14591/
CA Unicenter Enterprise Job Manager 1.x http://secunia.com/product/5588/
CA Unicenter Job Management Option 11.x http://secunia.com/product/14592/
CA Unicenter Lightweight Portal 2.x http://secunia.com/product/14593/
CA Unicenter Management Portal 3.x http://secunia.com/product/3936/
CA Unicenter Network and Systems Management (NSM) 11.x http://secunia.com/product/14437/
CA Unicenter Network and Systems Management (NSM) 3.x http://secunia.com/product/1683/
CA Unicenter Patch Management 11.x http://secunia.com/product/14595/
CA Unicenter Remote Control 11.x http://secunia.com/product/14596/
CA Unicenter Remote Control 6.x http://secunia.com/product/2622/
CA Unicenter Service Accounting 11.x http://secunia.com/product/7127/
CA Unicenter Service Assure 11.x http://secunia.com/product/7128/
CA Unicenter Service Assure 2.x http://secunia.com/product/14597/
CA Unicenter Service Catalog 11.x http://secunia.com/product/7129/
CA Unicenter Service Delivery 11.x http://secunia.com/product/14598/
CA Unicenter Service Intelligence 11.x http://secunia.com/product/14599/
CA Unicenter Service Metric Analysis 11.x http://secunia.com/product/7126/
CA Unicenter Service Metric Analysis 3.x http://secunia.com/product/14600/
CA Unicenter ServicePlus Service Desk 11.x http://secunia.com/product/14602/
CA Unicenter ServicePlus Service Desk 5.x http://secunia.com/product/14601/
CA Unicenter ServicePlus Service Desk 6.x http://secunia.com/product/1684/
CA Unicenter Software Delivery 11.x http://secunia.com/product/7120/
CA Unicenter TNG 2.x http://secunia.com/product/3206/
CA Unicenter Web Services Distributed Management 3.x http://secunia.com/product/12199/
CA Unicenter Workload Control Center 1.x http://secunia.com/product/12932/
CA Wily SOA Manager 7.x http://secunia.com/product/14603/
eTrust Directory 8.x http://secunia.com/product/7114/
eTrust IAM Suite 8.x http://secunia.com/product/14583/
eTrust Identity Manager 8.x http://secunia.com/product/14584/
eTrust Secure Content Manager (SCM) http://secunia.com/product/3391/
eTrust Single Sign-On 7.x http://secunia.com/product/10747/
eTrust Web Access Control 1.x http://secunia.com/product/14586/

DESCRIPTION: A vulnerability has been reported in CA products, which can be exploited by malicious users to bypass certain security restrictions.

SOLUTION: Apply patches (see the vendor's advisory for more information)


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200712-0115",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ingres",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ingres",
        "version": "2.6"
      },
      {
        "model": "ingres",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ingres",
        "version": "2.5"
      },
      {
        "model": "ingres",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ingres",
        "version": "2.5 and  2.6"
      },
      {
        "model": "windows nt",
        "scope": null,
        "trust": 0.6,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "associates allfusion enterprise workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7.1"
      },
      {
        "model": "associates unicenter enterprise job manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates unicenter asset portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.2.1"
      },
      {
        "model": "associates unicenter tng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.2"
      },
      {
        "model": "associates etrust admin sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates unicenter ca web services distributed management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.5"
      },
      {
        "model": "associates unicenter tng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.1"
      },
      {
        "model": "associates unicenter service metric analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates brightstor arcserve backup 11.5.sp3",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "model": "associates allfusion enterprise workbench sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.1"
      },
      {
        "model": "associates etrust secure content manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates etrust secure content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates etrust admin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.5"
      },
      {
        "model": "associates allfusion harvest change manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7"
      },
      {
        "model": "associates unicenter remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter ca web services distributed management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.11"
      },
      {
        "model": "associates unicenter tng 2.4.2j",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "model": "associates unicenter remote control sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.0"
      },
      {
        "model": "associates unicenter enterprise job manager sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates unicenter network and systems management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates advantage plex for distributed systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "5.5"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates brightstor arcserve backup sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5.2"
      },
      {
        "model": "associates etrust secure content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "model": "associates etrust admin sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1.1"
      },
      {
        "model": "associates unicenter enterprise job manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates unicenter service intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter serviceplus service desk sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "5.5"
      },
      {
        "model": "associates unicenter network and systems management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates web service distributed management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.50"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates brightstor arcserve backup 11.5.sp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "model": "associates etrust single sign-on",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "9.01"
      },
      {
        "model": "associates allfusion enterprise workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.1"
      },
      {
        "model": "associates unicenter service metric analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.0.2"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingres",
        "version": "2.6"
      },
      {
        "model": "associates unicenter service assure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter desktop and server management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates etrust identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates unicenter workload control center 1.0.sp4",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "model": "associates unicenter job management option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates cleverpath aion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.0"
      },
      {
        "model": "associates unicenter asset portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.3"
      },
      {
        "model": "associates etrust audit sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8"
      },
      {
        "model": "associates unicenter lightweight portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2"
      },
      {
        "model": "associates etrust web access control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates web service distributed management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.11"
      },
      {
        "model": "associates unicenter service assure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter tng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.5"
      },
      {
        "model": "associates unicenter service delivery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates cleverpath predictive analysis server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.0"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "5.5.1"
      },
      {
        "model": "associates unicenter serviceplus service desk sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.0"
      },
      {
        "model": "associates unicenter ca web services distributed management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates wily soa manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7.1"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingres",
        "version": "2.5"
      },
      {
        "model": "associates allfusion enterprise workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7"
      },
      {
        "model": "associates unicenter asset intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter management portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.1.1"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.0"
      },
      {
        "model": "associates unicenter",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "model": "associates brightstor arcserve backup 11.5.sp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "model": "associates unicenter tng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.4.2"
      },
      {
        "model": "associates unicenter management portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.1"
      },
      {
        "model": "associates etrust admin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "model": "associates unicenter tng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.4"
      },
      {
        "model": "associates unicenter service accounting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates etrust secure content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.1"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "5.5"
      },
      {
        "model": "associates unicenter ca web services distributed management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.1"
      },
      {
        "model": "associates unicenter enterprise job manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates unicenter service assure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.2"
      },
      {
        "model": "associates etrust admin sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1.2"
      },
      {
        "model": "associates unicenter software delivery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.0"
      },
      {
        "model": "associates unicenter service delivery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates unicenter service catalog",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter workload control center sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1"
      },
      {
        "model": "associates unicenter service accounting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.2"
      },
      {
        "model": "associates allfusion harvest change manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7.1"
      },
      {
        "model": "associates unicenter enterprise job manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "9.1"
      },
      {
        "model": "associates etrust directory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates advantage data transformer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.2"
      },
      {
        "model": "associates unicenter service metric analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.5"
      },
      {
        "model": "associates unicenter service catalog",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter network and systems management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.0"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.0.1"
      },
      {
        "model": "associates unicenter workload control center sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates unicenter database command center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates etrust iam suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8"
      },
      {
        "model": "associates unicenter asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter patch management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter network and systems management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.1"
      },
      {
        "model": "associates unicenter desktop management suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter service metric analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates etrust admin sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter asset portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "26959"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6334"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-299"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ingres:ingres:2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-6334"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Bill Maimone",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-299"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-6334",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2007-6334",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-6334",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200712-299",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6334"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-299"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges. Ingres is prone to an unauthorized-access security vulnerability because of a flaw in user authentication. \nAttackers can exploit this issue to gain unauthorized access to the affected database. Successful exploits can allow attackers to access, create, or modify data; other attacks are possible. \nThis issue affects Ingres 2.5 and 2.6 when running on Windows. \nNOTE: This issue does not affect the Ingres .NET data provider. \n\n----------------------------------------------------------------------\n\nTITLE:\nIngres User Authentication Security Issue\n\nSECUNIA ADVISORY ID:\nSA28187\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28187/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nIngres 2.x\nhttp://secunia.com/product/14576/\n\nDESCRIPTION:\nA security issue has been reported in Ingres, which potentially can\nbe exploited by malicious users to bypass certain security\nrestrictions. and 2.6 on Windows. \n\nSOLUTION:\nApply fixes (requires login):\nhttp://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:415703+HTMPL=kt_document_view.htmpl\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. 
\n\nORIGINAL ADVISORY:\nIngres:\nhttp://www.ingres.com/support/security-alertDec17.php\n\n----------------------------------------------------------------------\n\n\n. \nTitle: [CAID 35970]: CA Products That Embed Ingres Authentication \nVulnerability\n\nCA Vuln ID (CAID): 35970\n\nCA Advisory Date: 2007-12-19\n\nReported By: Ingres Corporation\n\nImpact: Attacker can gain elevated privileges. \n\nSummary: A potential vulnerability exists in the Ingres software \nthat is embedded in various CA products. This vulnerability exists \nonly on Ingres 2.5 and Ingres 2.6 on Windows, and does not \nmanifest itself on any Unix platform. Ingres r3 and Ingres 2006 \nare not affected. In all reported \ninstances, the application (typically an ASP.NET application using \nthe Ingres ODBC driver) was running on Microsoft IIS Web server, \nand with the Integrated Windows Authentication (IWA) option \nenabled. While IWA is not enabled by default, it is a commonly \nused option. 
\n\nMitigating Factors: The vulnerability exists only on Windows \nsystems running Microsoft IIS Web server that have the Integrated \nWindows Authentication (IWA) option enabled. \n\nSeverity: CA has given this vulnerability a High risk rating. \n\nAffected Products:\nAll CA products that embed Ingres 2.5 and Ingres 2.6, and also run \nMicrosoft IIS Web server with the Integrated Windows \nAuthentication (IWA) option enabled. \n\nAffected Platforms:\nWindows\n\nStatus and Recommendation (URLs may wrap):\nIngres has issued the following patches to address the \nvulnerabilities. \nIngres 2.6 Single-Byte patch - Ingres 2.6 Single-Byte patch\nftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.6.0701.12467-win-x86.zip\nIngres 2.6 Double-Byte patch- Ingres 2.6 Double-Byte patch\nftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.6.0701.12473-win-x86-DBL.zip\nIngres 2.5 Single Byte Patch- Ingres 2.5 Single Byte patch\nftp://ftp.ca.com/caproducts/ips/MDB/Generic_Ingres/IIS_Vulnerability/patch-2.5.0605.12291-win-x86.zip\nPotential problems installing the patches:\nWhile testing these patches, CA identified an install issue when \nthe user is presented with the option to make a backup of the \nIngres installation. In cases where a \u003cspace\u003e is in the path, the \npath is not properly read. The backup does get taken and is by \ndefault stored in the %II_SYSTEM%\\ingres\\install\\backup directory. \nAdditionally, if the user happens to press the \"Set Directory\" \nbutton, the path will be displayed. Clicking \"ok\" will result in a \nmessage stating \"... spaces are not supported in paths... \". This \nalso is an error; pressing cancel will return the user to the \nfirst screen with the default path, and while the displayed path \nis terminated at a space, the actual path does work. To avoid this \nissue, use DOS 8.3 definitions (ex. C:\\progra~1\\CA\\ingres). 
\n\nHow to determine if you are affected:\nCheck the %II_SYSTEM%\\ingres\\version.rel file to identify the \nIngres version. If the installed version of Ingres 2.6 is a \nDouble-Byte version (should have DBL referenced), please download \nthe 2.6 Double-Byte patch. Otherwise, use the Single-Byte patch. \n\nWorkaround: None\n\nReferences (URLs may wrap):\nCA SupportConnect:\nhttp://supportconnect.ca.com/\nImportant Security Notice for Customers Using Products that Embed \nIngres on Microsoft Windows ONLY\nhttp://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp\nSolution Document Reference APARs:\nN/A\nCA Security Response Blog posting:\nCA Products That Embed Ingres Authentication Vulnerability\nhttp://community.ca.com/blogs/casecurityresponseblog/archive/2007/12/19.aspx\nCA Vuln ID (CAID): 35970\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35970\nReported By: \nIngres Corporation\nhttp://ingres.com/support/security.php\nhttp://ingres.com/support/security-alertDec17.php\nCVE References: CVE-2007-6334\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6334\nOSVDB References: 39358\nhttp://osvdb.org/39358\n\nChangelog for this advisory:\nv1.0 - Initial Release\n\nCustomers who require additional information should contact CA\nTechnical Support at http://supportconnect.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your\nfindings to vuln AT ca DOT com, or utilize our \"Submit a \nVulnerability\" form. \nURL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx\n\n\nRegards,\nKen Williams ; 0xE2941985\nDirector, CA Vulnerability Research\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2007 CA. All rights reserved. 
\n\n----------------------------------------------------------------------\n\nTITLE:\nCA Products Ingres User Authentication Security Issue\n\nSECUNIA ADVISORY ID:\nSA28183\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28183/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nBrightStor ARCserve Backup 11.x\nhttp://secunia.com/product/312/\nBrightStor ARCserve Backup 9.x\nhttp://secunia.com/product/313/\nBrightStor Enterprise Backup 10.x\nhttp://secunia.com/product/314/\nBrightStor Storage Command Center 11.x\nhttp://secunia.com/product/14581/\nBrightStor Storage Resource Manager 11.x\nhttp://secunia.com/product/5909/\nCA Advantage Data Transformer 2.x\nhttp://secunia.com/product/5904/\nCA AllFusion Enterprise Workbench 1.x\nhttp://secunia.com/product/14579/\nCA AllFusion Enterprise Workbench 7.x\nhttp://secunia.com/product/14580/\nCA AllFusion Harvest Change Manager 7.x\nhttp://secunia.com/product/5905/\nCA ARCserve Backup for Laptops \u0026 Desktops 11.x\nhttp://secunia.com/product/5906/\nCA CleverPath Aion 10.x\nhttp://secunia.com/product/5582/\nCA CleverPath Predictive Analysis Server 3.x\nhttp://secunia.com/product/5581/\nCA Embedded Entitlements Manager 8.x\nhttp://secunia.com/product/14582/\nCA eTrust Admin 8.x\nhttp://secunia.com/product/5584/\nCA eTrust Audit 8.x\nhttp://secunia.com/product/5912/\nCA Network Forensics 8.x\nhttp://secunia.com/product/14585/\nCA Unicenter Advanced Systems Management 11.x\nhttp://secunia.com/product/14587/\nCA Unicenter Asset Intelligence 11.x\nhttp://secunia.com/product/14588/\nCA Unicenter Asset Management 11.x\nhttp://secunia.com/product/14589/\nCA Unicenter Asset Portfolio Management 11.x\nhttp://secunia.com/product/7125/\nCA Unicenter Database Command Center 11.x\nhttp://secunia.com/product/12928/\nCA Unicenter Desktop and Server 
Management 11.x\nhttp://secunia.com/product/14590/\nCA Unicenter Desktop Management Suite 11.x\nhttp://secunia.com/product/14591/\nCA Unicenter Enterprise Job Manager 1.x\nhttp://secunia.com/product/5588/\nCA Unicenter Job Management Option 11.x\nhttp://secunia.com/product/14592/\nCA Unicenter Lightweight Portal 2.x\nhttp://secunia.com/product/14593/\nCA Unicenter Management Portal 3.x\nhttp://secunia.com/product/3936/\nCA Unicenter Network and Systems Management (NSM) 11.x\nhttp://secunia.com/product/14437/\nCA Unicenter Network and Systems Management (NSM) 3.x\nhttp://secunia.com/product/1683/\nCA Unicenter Patch Management 11.x\nhttp://secunia.com/product/14595/\nCA Unicenter Remote Control 11.x\nhttp://secunia.com/product/14596/\nCA Unicenter Remote Control 6.x\nhttp://secunia.com/product/2622/\nCA Unicenter Service Accounting 11.x\nhttp://secunia.com/product/7127/\nCA Unicenter Service Assure 11.x\nhttp://secunia.com/product/7128/\nCA Unicenter Service Assure 2.x\nhttp://secunia.com/product/14597/\nCA Unicenter Service Catalog 11.x\nhttp://secunia.com/product/7129/\nCA Unicenter Service Delivery 11.x\nhttp://secunia.com/product/14598/\nCA Unicenter Service Intelligence 11.x\nhttp://secunia.com/product/14599/\nCA Unicenter Service Metric Analysis 11.x\nhttp://secunia.com/product/7126/\nCA Unicenter Service Metric Analysis 3.x\nhttp://secunia.com/product/14600/\nCA Unicenter ServicePlus Service Desk 11.x\nhttp://secunia.com/product/14602/\nCA Unicenter ServicePlus Service Desk 5.x\nhttp://secunia.com/product/14601/\nCA Unicenter ServicePlus Service Desk 6.x\nhttp://secunia.com/product/1684/\nCA Unicenter Software Delivery 11.x\nhttp://secunia.com/product/7120/\nCA Unicenter TNG 2.x\nhttp://secunia.com/product/3206/\nCA Unicenter Web Services Distributed Management 3.x\nhttp://secunia.com/product/12199/\nCA Unicenter Workload Control Center 1.x\nhttp://secunia.com/product/12932/\nCA Wily SOA Manager 7.x\nhttp://secunia.com/product/14603/\neTrust Directory 
8.x\nhttp://secunia.com/product/7114/\neTrust IAM Suite 8.x\nhttp://secunia.com/product/14583/\neTrust Identity Manager 8.x\nhttp://secunia.com/product/14584/\neTrust Secure Content Manager (SCM)\nhttp://secunia.com/product/3391/\neTrust Single Sign-On 7.x\nhttp://secunia.com/product/10747/\neTrust Web Access Control 1.x\nhttp://secunia.com/product/14586/\n\nDESCRIPTION:\nA vulnerability has been reported in CA products, which can be\nexploited by malicious users to bypass certain security\nrestrictions. \n\nSOLUTION:\nApply patches (see the vendor\u0027s advisory for more information)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-6334"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      },
      {
        "db": "BID",
        "id": "26959"
      },
      {
        "db": "PACKETSTORM",
        "id": "61984"
      },
      {
        "db": "PACKETSTORM",
        "id": "62040"
      },
      {
        "db": "PACKETSTORM",
        "id": "61983"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-6334",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "26959",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "28187",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "39358",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "28183",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-4303",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-4304",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1019134",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004712",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "11325",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20071221 [CAID 35970]: CA PRODUCTS THAT EMBED INGRES AUTHENTICATION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-299",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "61984",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "62040",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "61983",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "26959"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      },
      {
        "db": "PACKETSTORM",
        "id": "61984"
      },
      {
        "db": "PACKETSTORM",
        "id": "62040"
      },
      {
        "db": "PACKETSTORM",
        "id": "61983"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6334"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-299"
      }
    ]
  },
  "id": "VAR-200712-0115",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.12878788
  },
  "last_update_date": "2023-12-18T13:58:17.618000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "contentID={EA69B32B-90DA-4BA6-A6A5-48C04C888524}",
        "trust": 0.8,
        "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid={ea69b32b-90da-4ba6-a6a5-48c04c888524}"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6334"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.ingres.com/support/security-alertdec17.php"
      },
      {
        "trust": 2.1,
        "url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/28183"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/28187"
      },
      {
        "trust": 1.6,
        "url": "http://www.osvdb.org/39358"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/26959"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id?1019134"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/4303"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/4304"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6334"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6334"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/485448/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/4304"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/4303"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/11325"
      },
      {
        "trust": 0.4,
        "url": "http://servicedesk.ingres.com/caisd/pdmweb.ingres?op=show_detail+persid=kd:415703+htmpl=kt_document_view.htmpl"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingres.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/485448"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/28187/"
      },
      {
        "trust": 0.2,
        "url": "https://psi.secunia.com/?page=changelog"
      },
      {
        "trust": 0.2,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14576/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx"
      },
      {
        "trust": 0.1,
        "url": "http://supportconnect.ca.com."
      },
      {
        "trust": 0.1,
        "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2007/12/19.aspx"
      },
      {
        "trust": 0.1,
        "url": "http://ingres.com/support/security.php"
      },
      {
        "trust": 0.1,
        "url": "http://supportconnect.ca.com/"
      },
      {
        "trust": 0.1,
        "url": "http://osvdb.org/39358"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/contact/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35970"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/legal/"
      },
      {
        "trust": 0.1,
        "url": "http://ingres.com/support/security-alertdec17.php"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6334"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/privacy/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14595/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14584/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7126/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5581/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14590/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14585/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/314/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/12932/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14599/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14592/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14600/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5912/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14582/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3391/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/12928/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7127/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14601/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14603/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/28183/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5906/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14598/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7129/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14588/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14597/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14437/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5904/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14580/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14587/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3936/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5582/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7128/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14596/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14602/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14583/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14579/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5905/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3206/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5588/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5584/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5909/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2622/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1684/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/12199/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7125/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1683/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14589/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7120/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14581/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14591/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/10747/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/313/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14593/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7114/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14586/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/312/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "26959"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      },
      {
        "db": "PACKETSTORM",
        "id": "61984"
      },
      {
        "db": "PACKETSTORM",
        "id": "62040"
      },
      {
        "db": "PACKETSTORM",
        "id": "61983"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6334"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-299"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "26959"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      },
      {
        "db": "PACKETSTORM",
        "id": "61984"
      },
      {
        "db": "PACKETSTORM",
        "id": "62040"
      },
      {
        "db": "PACKETSTORM",
        "id": "61983"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-6334"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-299"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-12-20T00:00:00",
        "db": "BID",
        "id": "26959"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      },
      {
        "date": "2007-12-24T18:50:38",
        "db": "PACKETSTORM",
        "id": "61984"
      },
      {
        "date": "2007-12-24T19:52:23",
        "db": "PACKETSTORM",
        "id": "62040"
      },
      {
        "date": "2007-12-24T18:50:38",
        "db": "PACKETSTORM",
        "id": "61983"
      },
      {
        "date": "2007-12-20T23:46:00",
        "db": "NVD",
        "id": "CVE-2007-6334"
      },
      {
        "date": "2007-12-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200712-299"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-19T09:28:00",
        "db": "BID",
        "id": "26959"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      },
      {
        "date": "2018-10-15T21:52:10.500000",
        "db": "NVD",
        "id": "CVE-2007-6334"
      },
      {
        "date": "2007-12-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200712-299"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-299"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  CA Used in products  Windows of  Ingres Vulnerability gained in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004712"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200712-299"
      }
    ],
    "trust": 0.6
  }
}

Vulnerability from fkie_nvd
Published
2008-08-05 19:41
Modified
2024-11-21 00:49
Severity ?
Summary
Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport.
References
cve@mitre.org http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732 Broken Link
cve@mitre.org http://secunia.com/advisories/31357 Third Party Advisory
cve@mitre.org http://secunia.com/advisories/31398 Third Party Advisory
cve@mitre.org http://securitytracker.com/id?1020615 Third Party Advisory, VDB Entry
cve@mitre.org http://www.ingres.com/support/security-alert-080108.php Broken Link
cve@mitre.org http://www.securityfocus.com/archive/1/495177/100/0/threaded
cve@mitre.org http://www.securityfocus.com/bid/30512 Third Party Advisory, VDB Entry
cve@mitre.org http://www.vupen.com/english/advisories/2008/2292 Third Party Advisory
cve@mitre.org http://www.vupen.com/english/advisories/2008/2313 Third Party Advisory
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/44179 Third Party Advisory, VDB Entry
cve@mitre.org https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989 Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732 Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/31357 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/31398 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1020615 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.ingres.com/support/security-alert-080108.php Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/495177/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/30512 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2008/2292 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2008/2313 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/44179 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989 Broken Link
Impacted products
Vendor Product Version
hp hp-ux *
linux linux_kernel *
ingres ingres 2.6
ingres ingres 2006
ingres ingres 2006



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE11A92-56B9-43A2-9E3D-D511AE713F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2006:9.0.4:*:*:*:*:*:*",
              "matchCriteriaId": "D988634E-4C81-457B-AA97-9C55575E9DB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2006:9.1.0:*:*:*:*:*:*",
              "matchCriteriaId": "708FD550-E400-4973-979B-3D9932EBFC80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en la librer\u00eda libbecompat en Ingres 2.6, Ingres 2006 versi\u00f3n 1 (alias 9.0.4), y Ingres 2006 versi\u00f3n 2 (alias 9.1.0) en Linux y HP-UX que permite a los usuarios locales aumentar sus privilegios estableciendo un valor largo de una variable de entorno antes de ejecutar (1) verifydb, (2) iimerge, or (3) csreport."
    }
  ],
  "evaluatorImpact": "\"Exploitation of this vulnerability allows an attacker to execute arbitrary code with the privileges of the \"ingres\" user. By itself, this vulnerability does not have very serious consequences. However, when combined with the library loading vulnerability, it allows an attacker to execute arbitrary code with root privileges. \" (iDefense)",
  "evaluatorSolution": "\"Fixes are available for the current release of Ingres 2006 release 2 (9.1.0), for Ingres 2006 release 1 (9.0.4), and for Ingres 2.6 versions on their respective platforms. The security fixes are available and can be quickly applied with little to no anticipated impact to systems.\r\n\r\nIngres customers with a current support contract can review the following knowledge base document for information on downloading the available fixes:\r\nhttp://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:416012+HTMPL=kt_document_view.htmpl\r\n\r\n(ingres.com)",
  "id": "CVE-2008-3389",
  "lastModified": "2024-11-21T00:49:08.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-08-05T19:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31357"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31398"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1020615"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.ingres.com/support/security-alert-080108.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/30512"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2292"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2313"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44179"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31357"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1020615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.ingres.com/support/security-alert-080108.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/30512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-08-05 19:41
Modified
2024-11-21 00:49
Severity ?
Summary
verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.
References
cve@mitre.org http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731
cve@mitre.org http://secunia.com/advisories/31357 Vendor Advisory
cve@mitre.org http://secunia.com/advisories/31398
cve@mitre.org http://securitytracker.com/id?1020613
cve@mitre.org http://www.ingres.com/support/security-alert-080108.php
cve@mitre.org http://www.securityfocus.com/archive/1/495177/100/0/threaded
cve@mitre.org http://www.securityfocus.com/bid/30512
cve@mitre.org http://www.vupen.com/english/advisories/2008/2292
cve@mitre.org http://www.vupen.com/english/advisories/2008/2313
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/44177
cve@mitre.org https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989
af854a3a-2127-422b-91ae-364da2661108 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/31357 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/31398
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1020613
af854a3a-2127-422b-91ae-364da2661108 http://www.ingres.com/support/security-alert-080108.php
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/495177/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/30512
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2008/2292
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2008/2313
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/44177
af854a3a-2127-422b-91ae-364da2661108 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989
Impacted products
Vendor Product Version
ingres ingres 2.6
ingres ingres 2006
ingres ingres 2006
ingres ingres 2006
ingres ingres 2006



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE11A92-56B9-43A2-9E3D-D511AE713F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2006:9.0.1:*:*:*:*:*:*",
              "matchCriteriaId": "8CEFDCDD-7D4B-442C-8CD4-D22CA5F4DD35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2006:9.0.4:*:*:*:*:*:*",
              "matchCriteriaId": "D988634E-4C81-457B-AA97-9C55575E9DB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2006:release_1:*:*:*:*:*:*",
              "matchCriteriaId": "A99FF96C-A88B-4AE2-BA8B-C16D2F88C606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2006:release_2:*:*:*:*:*:*",
              "matchCriteriaId": "02D8FAC9-5887-4B0D-BB95-0704D763B6A8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application\u0027s own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename."
    },
    {
      "lang": "es",
      "value": "verifydb en Ingres 2.6, Ingres 2006 versi\u00f3n 1 (alias 9.0.4), y Ingres 2006 versi\u00f3n 2 (alias 9.1.0) en Linux y otras plataformas Unix que establece la propiedad o permisos del archivo iivdb.log, sin verificar que es el archivo log propio de la aplicaci\u00f3n, lo que permite a los usuarios sobrescribir arbitrariamente archivos creando un enlace simb\u00f3lico con un nombre de archivo iivdb.log."
    }
  ],
  "evaluatorComment": "This vulnerability affects all platforms except VMS and Windows",
  "evaluatorImpact": "\"Exploitation of this vulnerability allows an attacker to overwrite arbitrary files owned by the \"ingres\" user. By itself, this vulnerability does not have very serious consequences. However, when combined with the library loading vulnerability, it allows an attacker to execute arbitrary code with root privileges. \" (iDefense)\r\n\r\n",
  "evaluatorSolution": "Fixes are available for the current release of Ingres 2006 release 2 (9.1.0), for Ingres 2006 release 1 (9.0.4), and for Ingres 2.6 versions on their respective platforms. The security fixes are available and can be quickly applied with little to no anticipated impact to systems. \r\n\r\nIngres customers with a current support contract can review the following knowledge base document for information on downloading the available fixes:\r\nhttp://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:416012+HTMPL=kt_document_view.htmpl\r\n\r\n(ingres.com)",
  "id": "CVE-2008-3356",
  "lastModified": "2024-11-21T00:49:03.210",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-08-05T19:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31357"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31398"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1020613"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ingres.com/support/security-alert-080108.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/30512"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2292"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2313"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44177"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31357"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1020613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ingres.com/support/security-alert-080108.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/30512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-12-20 23:46
Modified
2024-11-21 00:39
Severity ?
Summary
Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.
References
cve@mitre.org http://secunia.com/advisories/28183 Patch, Vendor Advisory
cve@mitre.org http://secunia.com/advisories/28187 Patch, Vendor Advisory
cve@mitre.org http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp
cve@mitre.org http://www.ingres.com/support/security-alertDec17.php
cve@mitre.org http://www.osvdb.org/39358
cve@mitre.org http://www.securityfocus.com/archive/1/485448/100/0/threaded
cve@mitre.org http://www.securityfocus.com/bid/26959 Patch
cve@mitre.org http://www.securitytracker.com/id?1019134
cve@mitre.org http://www.vupen.com/english/advisories/2007/4303
cve@mitre.org http://www.vupen.com/english/advisories/2007/4304
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/28183 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/28187 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp
af854a3a-2127-422b-91ae-364da2661108 http://www.ingres.com/support/security-alertDec17.php
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/39358
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/485448/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/26959 Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1019134
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2007/4303
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2007/4304
Impacted products
Vendor Product Version
microsoft windows_nt *
ingres ingres 2.5
ingres ingres 2.6



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED27882B-A02A-4D5F-9117-A47976C676E0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "43A75B42-4739-4E98-A6B9-704B51BD59EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE11A92-56B9-43A2-9E3D-D511AE713F45",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges."
    },
    {
      "lang": "es",
      "value": "Ingres 2.5 y 2.6 para Windows, usados en m\u00faltiples productos CA y posiblemente otros, asigna los privilegios y la identidad de los usuarios para que sean la misma que el primer usuario, lo cual permite a atacantes remotos obtener privilegios."
    }
  ],
  "id": "CVE-2007-6334",
  "lastModified": "2024-11-21T00:39:53.880",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-12-20T23:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28183"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28187"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ingres.com/support/security-alertDec17.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/39358"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26959"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019134"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4303"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4304"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ingres.com/support/security-alertDec17.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/39358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4303"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4304"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2007-6334
Vulnerability from cvelistv5
Published
2007-12-20 23:00
Modified
2024-08-07 16:02
Severity ?
Summary
Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.
References
http://www.vupen.com/english/advisories/2007/4303 vdb-entry, x_refsource_VUPEN
http://www.securitytracker.com/id?1019134 vdb-entry, x_refsource_SECTRACK
http://www.osvdb.org/39358 vdb-entry, x_refsource_OSVDB
http://www.ingres.com/support/security-alertDec17.php x_refsource_CONFIRM
http://secunia.com/advisories/28187 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/26959 vdb-entry, x_refsource_BID
http://secunia.com/advisories/28183 third-party-advisory, x_refsource_SECUNIA
http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/4304 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/485448/100/0/threaded mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:02:36.365Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-4303",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4303"
          },
          {
            "name": "1019134",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019134"
          },
          {
            "name": "39358",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/39358"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ingres.com/support/security-alertDec17.php"
          },
          {
            "name": "28187",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28187"
          },
          {
            "name": "26959",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26959"
          },
          {
            "name": "28183",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28183"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
          },
          {
            "name": "ADV-2007-4304",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4304"
          },
          {
            "name": "20071221 [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-12-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-4303",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4303"
        },
        {
          "name": "1019134",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019134"
        },
        {
          "name": "39358",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/39358"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ingres.com/support/security-alertDec17.php"
        },
        {
          "name": "28187",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28187"
        },
        {
          "name": "26959",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26959"
        },
        {
          "name": "28183",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28183"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
        },
        {
          "name": "ADV-2007-4304",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4304"
        },
        {
          "name": "20071221 [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6334",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-4303",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4303"
            },
            {
              "name": "1019134",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019134"
            },
            {
              "name": "39358",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/39358"
            },
            {
              "name": "http://www.ingres.com/support/security-alertDec17.php",
              "refsource": "CONFIRM",
              "url": "http://www.ingres.com/support/security-alertDec17.php"
            },
            {
              "name": "28187",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28187"
            },
            {
              "name": "26959",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26959"
            },
            {
              "name": "28183",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28183"
            },
            {
              "name": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp",
              "refsource": "CONFIRM",
              "url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
            },
            {
              "name": "ADV-2007-4304",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4304"
            },
            {
              "name": "20071221 [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6334",
    "datePublished": "2007-12-20T23:00:00",
    "dateReserved": "2007-12-13T00:00:00",
    "dateUpdated": "2024-08-07T16:02:36.365Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-3389
Vulnerability from cvelistv5
Published
2008-08-05 19:20
Modified
2024-08-07 09:37
Severity ?
Summary
Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:37:26.380Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1020615",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020615"
          },
          {
            "name": "20080801 Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ingres.com/support/security-alert-080108.php"
          },
          {
            "name": "ADV-2008-2292",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2292"
          },
          {
            "name": "31398",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31398"
          },
          {
            "name": "ADV-2008-2313",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2313"
          },
          {
            "name": "31357",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31357"
          },
          {
            "name": "ingres-libbecompat-bo(44179)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44179"
          },
          {
            "name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
          },
          {
            "name": "30512",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30512"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1020615",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020615"
        },
        {
          "name": "20080801 Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ingres.com/support/security-alert-080108.php"
        },
        {
          "name": "ADV-2008-2292",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2292"
        },
        {
          "name": "31398",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31398"
        },
        {
          "name": "ADV-2008-2313",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2313"
        },
        {
          "name": "31357",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31357"
        },
        {
          "name": "ingres-libbecompat-bo(44179)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44179"
        },
        {
          "name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
        },
        {
          "name": "30512",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30512"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3389",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1020615",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020615"
            },
            {
              "name": "20080801 Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
            },
            {
              "name": "http://www.ingres.com/support/security-alert-080108.php",
              "refsource": "CONFIRM",
              "url": "http://www.ingres.com/support/security-alert-080108.php"
            },
            {
              "name": "ADV-2008-2292",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2292"
            },
            {
              "name": "31398",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31398"
            },
            {
              "name": "ADV-2008-2313",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2313"
            },
            {
              "name": "31357",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31357"
            },
            {
              "name": "ingres-libbecompat-bo(44179)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44179"
            },
            {
              "name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
            },
            {
              "name": "30512",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30512"
            },
            {
              "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989",
              "refsource": "CONFIRM",
              "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3389",
    "datePublished": "2008-08-05T19:20:00",
    "dateReserved": "2008-07-30T00:00:00",
    "dateUpdated": "2024-08-07T09:37:26.380Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-3356
Vulnerability from cvelistv5
Published
2008-08-05 19:20
Modified
2024-08-07 09:37
Summary
verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:37:26.794Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ingres.com/support/security-alert-080108.php"
          },
          {
            "name": "ADV-2008-2292",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2292"
          },
          {
            "name": "31398",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31398"
          },
          {
            "name": "1020613",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020613"
          },
          {
            "name": "ADV-2008-2313",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2313"
          },
          {
            "name": "31357",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31357"
          },
          {
            "name": "ingres-verifydb-symlink(44177)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44177"
          },
          {
            "name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
          },
          {
            "name": "30512",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30512"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
          },
          {
            "name": "20080801 Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application\u0027s own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ingres.com/support/security-alert-080108.php"
        },
        {
          "name": "ADV-2008-2292",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2292"
        },
        {
          "name": "31398",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31398"
        },
        {
          "name": "1020613",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020613"
        },
        {
          "name": "ADV-2008-2313",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2313"
        },
        {
          "name": "31357",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31357"
        },
        {
          "name": "ingres-verifydb-symlink(44177)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44177"
        },
        {
          "name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
        },
        {
          "name": "30512",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30512"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
        },
        {
          "name": "20080801 Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3356",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application\u0027s own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ingres.com/support/security-alert-080108.php",
              "refsource": "CONFIRM",
              "url": "http://www.ingres.com/support/security-alert-080108.php"
            },
            {
              "name": "ADV-2008-2292",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2292"
            },
            {
              "name": "31398",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31398"
            },
            {
              "name": "1020613",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020613"
            },
            {
              "name": "ADV-2008-2313",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2313"
            },
            {
              "name": "31357",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31357"
            },
            {
              "name": "ingres-verifydb-symlink(44177)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44177"
            },
            {
              "name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
            },
            {
              "name": "30512",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30512"
            },
            {
              "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989",
              "refsource": "CONFIRM",
              "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
            },
            {
              "name": "20080801 Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3356",
    "datePublished": "2008-08-05T19:20:00",
    "dateReserved": "2008-07-28T00:00:00",
    "dateUpdated": "2024-08-07T09:37:26.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}