10

CVE-2007-3336

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IngresDatabase Server Version2.5
IngresDatabase Server Version2.6
IngresDatabase Server Version9.0.4
IngresDatabase Server Versionr3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.96% 0.946
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/25756
Vendor Advisory
http://secunia.com/advisories/25775
Vendor Advisory
http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp
Patch
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
http://www.securityfocus.com/bid/24585
http://www.vupen.com/english/advisories/2007/2288
Vendor Advisory
http://www.vupen.com/english/advisories/2007/2290
Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html
http://osvdb.org/37486
http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/
http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/
http://www.securityfocus.com/archive/1/472193/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/34993
https://exchange.xforce.ibmcloud.com/vulnerabilities/35000