CVE-2008-3357 - Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4),

CVE-2008-3357

Summary

Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability." Fixes are available for the current release of Ingres 2006 release 2 (9.1.0), for Ingres 2006 release 1 (9.0.4), and for Ingres 2.6 versions on their respective platforms. The security fixes are available and can be quickly applied with little to no anticipated impact to systems. Ingres customers with a current support contract can review the following knowledge base document for information on downloading the available fixes: http://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:416012+HTMPL=kt_document_view.htmpl (ingres.com)

References

Vulnerable Configurations

cpe:2.3:a:actian:ingres:2.6:*:*:*:*:*:*:*
cpe:2.3:a:actian:ingres:2.6:*:*:*:*:*:*:*
cpe:2.3:a:actian:ingres:9.0.4:*:*:*:*:*:*:*
cpe:2.3:a:actian:ingres:9.0.4:*:*:*:*:*:*:*
cpe:2.3:a:actian:ingres:9.1.0:*:*:*:*:*:*:*
cpe:2.3:a:actian:ingres:9.1.0:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 28-09-2020 - 15:14)
Impact:
Exploitability:

CWE

CWE-426

CAPEC

Leveraging/Manipulating Configuration File Search Paths
This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	30512
bugtraq	20080806 CA Products That Embed Ingres Multiple Vulnerabilities
confirm	http://www.ingres.com/support/security-alert-080108.php https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989
idefense	20080801 Ingres Database for Linux ingvalidpw Untrusted Library Path Vulnerability
sectrack	1020614
secunia	31357 31398
vupen	ADV-2008-2292 ADV-2008-2313
xf	ingres-ingvalidpw-code-execution(44181)

Last major update

28-09-2020 - 15:14

Published

05-08-2008 - 19:41

Last modified

28-09-2020 - 15:14