CVE-2007-3336

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.
References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html
http://osvdb.org/37486
http://secunia.com/advisories/25756 Vendor Advisory
http://secunia.com/advisories/25775 Vendor Advisory
http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp Patch
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/
http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/
http://www.securityfocus.com/archive/1/472193/100/0/threaded
http://www.securityfocus.com/bid/24585
http://www.vupen.com/english/advisories/2007/2288 Vendor Advisory
http://www.vupen.com/english/advisories/2007/2290 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/34993
https://exchange.xforce.ibmcloud.com/vulnerabilities/35000
http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html
http://osvdb.org/37486
http://secunia.com/advisories/25756 Vendor Advisory
http://secunia.com/advisories/25775 Vendor Advisory
http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp Patch
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/
http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/
http://www.securityfocus.com/archive/1/472193/100/0/threaded
http://www.securityfocus.com/bid/24585
http://www.vupen.com/english/advisories/2007/2288 Vendor Advisory
http://www.vupen.com/english/advisories/2007/2290 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/34993
https://exchange.xforce.ibmcloud.com/vulnerabilities/35000
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ingres:database_server:2.5:*:*:*:*:*:*:*
cpe:2.3:a:ingres:database_server:2.6:*:*:*:*:*:*:*
cpe:2.3:a:ingres:database_server:9.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ingres:database_server:r3:*:*:*:*:*:*:*

History

21 Nov 2024, 00:32

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html - () http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html -
References () http://osvdb.org/37486 - () http://osvdb.org/37486 -
References () http://secunia.com/advisories/25756 - Vendor Advisory () http://secunia.com/advisories/25756 - Vendor Advisory
References () http://secunia.com/advisories/25775 - Vendor Advisory () http://secunia.com/advisories/25775 - Vendor Advisory
References () http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp - Patch () http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp - Patch
References () http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778 - () http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778 -
References () http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/ - () http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/ -
References () http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/ - () http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/ -
References () http://www.securityfocus.com/archive/1/472193/100/0/threaded - () http://www.securityfocus.com/archive/1/472193/100/0/threaded -
References () http://www.securityfocus.com/bid/24585 - () http://www.securityfocus.com/bid/24585 -
References () http://www.vupen.com/english/advisories/2007/2288 - Vendor Advisory () http://www.vupen.com/english/advisories/2007/2288 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2007/2290 - Vendor Advisory () http://www.vupen.com/english/advisories/2007/2290 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/34993 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/34993 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/35000 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/35000 -

Information

Published : 2007-06-22 18:30

Updated : 2024-11-21 00:32


NVD link : CVE-2007-3336

Mitre link : CVE-2007-3336

CVE.ORG link : CVE-2007-3336


JSON object : View

Products Affected

ingres

  • database_server