|
Ingres database / CA security products multiple security vulnerabilities
updated since 22.06.2007 | | Published: |  | 24.12.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7841 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Multiple heap buffers overflows on TCP/10916 and TCP/10923 requests parsing. Local unauthorized files access with 'wakeup'. Buffer overflow in uuid_from_char() SQL function, privilege escalation. |
| Affected: |  | INGRES : Ingres Database 3.0 | | | | INGRES : Ingres 2006 | | | | INGRES : Ingres 2.6 | | | | INGRES : Ingres 2.5 | | CVE: |  | CVE-2007-6334 (Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.) | | | | CVE-2007-3338 (Multiple buffer stack-based overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows attackers allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.) | | | | CVE-2007-3337 (wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file.) | | | | CVE-2007-3336 (Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.) | | | | CVE-2007-3334 (Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors.) |
| Original document |  | CA, [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability (24.12.2007) |
| | | NGSSoftware Insight Security Research Advisory (NISR), Ingres Unauthenticated Pointer Overwrite 1 (26.06.2007) |
| | | NGSSoftware Insight Security Research Advisory (NISR), Ingres wakeup setuid(ingres) file truncation (26.06.2007) |
| | | NGSSoftware Insight Security Research Advisory (NISR), Ingres stack overflow in uuid_from_char function (26.06.2007) |
| | | NGSSoftware Insight Security Research Advisory (NISR), Ingres verifydb local stack overflow (26.06.2007) |
| | | NGSSoftware Insight Security Research Advisory (NISR), Ingres Unauthenticated Pointer Overwrite 2 (26.06.2007) |
| | | CA, [Full-disclosure] [CAID 35450, 35451, 35452, 35453]: CA Products That Embed Ingres Multiple Vulnerabilities (22.06.2007) |
| | | IDEFENSE, iDefense Security Advisory 06.21.07: Ingres Database Multiple Heap Corruption Vulnerabilities (22.06.2007) |
|
|
|
|
|
