CVE-2007-3336 - Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5,

CVE-2007-3336

Summary

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.

References

Vulnerable Configurations

cpe:2.3:a:ingres:database_server:2.5:*:*:*:*:*:*:*
cpe:2.3:a:ingres:database_server:2.5:*:*:*:*:*:*:*
cpe:2.3:a:ingres:database_server:2.6:*:*:*:*:*:*:*
cpe:2.3:a:ingres:database_server:2.6:*:*:*:*:*:*:*
cpe:2.3:a:ingres:database_server:9.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ingres:database_server:9.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ingres:database_server:r3:*:*:*:*:*:*:*
cpe:2.3:a:ingres:database_server:r3:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 16-10-2018 - 16:48)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	24585
bugtraq	20070625 Ingres Unauthenticated Pointer Overwrite 1 20070625 Ingres Unauthenticated Pointer Overwrite 2
confirm	http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
misc	http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/ http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/
osvdb	37486
secunia	25756 25775
vupen	ADV-2007-2288 ADV-2007-2290
xf	ingres-pointer-code-execution(35000) ingres-unspecified-code-execution(34993)

Last major update

16-10-2018 - 16:48

Published

22-06-2007 - 18:30

Last modified

16-10-2018 - 16:48