CVE-2007-3337 - wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Asso

CVE-2007-3337

Summary

wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file.

References

Vulnerable Configurations

cpe:2.3:a:ingres:database_server:2.5:*:*:*:*:*:*:*
cpe:2.3:a:ingres:database_server:2.5:*:*:*:*:*:*:*
cpe:2.3:a:ingres:database_server:2.6:*:*:*:*:*:*:*
cpe:2.3:a:ingres:database_server:2.6:*:*:*:*:*:*:*
cpe:2.3:a:ingres:database_server:9.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ingres:database_server:9.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ingres:database_server:r3:*:*:*:*:*:*:*
cpe:2.3:a:ingres:database_server:r3:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 16-10-2018 - 16:48)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:P/A:N

refmap via4

bid	24585
bugtraq	20070625 Ingres wakeup setuid(ingres) file truncation
confirm	http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451
misc	http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/
osvdb	37485
secunia	25756 25775
vupen	ADV-2007-2288 ADV-2007-2290

Last major update

16-10-2018 - 16:48

Published

22-06-2007 - 18:30

Last modified

16-10-2018 - 16:48