CVE-2007-3338

Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.
References
Link Resource
http://osvdb.org/37483
http://secunia.com/advisories/25756 Vendor Advisory
http://secunia.com/advisories/25775 Vendor Advisory
http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp Patch
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/
http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/
http://www.securityfocus.com/archive/1/472194/100/0/threaded
http://www.securityfocus.com/archive/1/472197/100/0/threaded
http://www.securityfocus.com/bid/24585
http://www.vupen.com/english/advisories/2007/2288 Vendor Advisory
http://www.vupen.com/english/advisories/2007/2290 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/34995
https://exchange.xforce.ibmcloud.com/vulnerabilities/34998
http://osvdb.org/37483
http://secunia.com/advisories/25756 Vendor Advisory
http://secunia.com/advisories/25775 Vendor Advisory
http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp Patch
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/
http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/
http://www.securityfocus.com/archive/1/472194/100/0/threaded
http://www.securityfocus.com/archive/1/472197/100/0/threaded
http://www.securityfocus.com/bid/24585
http://www.vupen.com/english/advisories/2007/2288 Vendor Advisory
http://www.vupen.com/english/advisories/2007/2290 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/34995
https://exchange.xforce.ibmcloud.com/vulnerabilities/34998
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ingres:database_server:2.5:*:*:*:*:*:*:*
cpe:2.3:a:ingres:database_server:2.6:*:*:*:*:*:*:*
cpe:2.3:a:ingres:database_server:9.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ingres:database_server:r3:*:*:*:*:*:*:*

History

21 Nov 2024, 00:32

Type Values Removed Values Added
References () http://osvdb.org/37483 - () http://osvdb.org/37483 -
References () http://secunia.com/advisories/25756 - Vendor Advisory () http://secunia.com/advisories/25756 - Vendor Advisory
References () http://secunia.com/advisories/25775 - Vendor Advisory () http://secunia.com/advisories/25775 - Vendor Advisory
References () http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp - Patch () http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp - Patch
References () http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778 - () http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778 -
References () http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/ - () http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/ -
References () http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/ - () http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/ -
References () http://www.securityfocus.com/archive/1/472194/100/0/threaded - () http://www.securityfocus.com/archive/1/472194/100/0/threaded -
References () http://www.securityfocus.com/archive/1/472197/100/0/threaded - () http://www.securityfocus.com/archive/1/472197/100/0/threaded -
References () http://www.securityfocus.com/bid/24585 - () http://www.securityfocus.com/bid/24585 -
References () http://www.vupen.com/english/advisories/2007/2288 - Vendor Advisory () http://www.vupen.com/english/advisories/2007/2288 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2007/2290 - Vendor Advisory () http://www.vupen.com/english/advisories/2007/2290 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/34995 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/34995 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/34998 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/34998 -

Information

Published : 2007-06-22 18:30

Updated : 2024-11-21 00:32


NVD link : CVE-2007-3338

Mitre link : CVE-2007-3338

CVE.ORG link : CVE-2007-3338


JSON object : View

Products Affected

ingres

  • database_server
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer