10
CVE-2007-3336
- EPSS 8.96%
- Veröffentlicht 22.06.2007 18:30:00
- Zuletzt bearbeitet 16.06.2026 22:41:47
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ingres ≫ Database Server Version2.5
Ingres ≫ Database Server Version2.6
Ingres ≫ Database Server Version9.0.4
Ingres ≫ Database Server Versionr3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.96% | 0.946 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
http://secunia.com/advisories/25756
http://secunia.com/advisories/25775
http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
http://www.securityfocus.com/bid/24585
http://www.vupen.com/english/advisories/2007/2288
http://www.vupen.com/english/advisories/2007/2290
http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html
http://osvdb.org/37486
http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/
http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/
http://www.securityfocus.com/archive/1/472193/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/34993
https://exchange.xforce.ibmcloud.com/vulnerabilities/35000