2.1

CVE-2007-3337

wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IngresDatabase Server Version2.5
IngresDatabase Server Version2.6
IngresDatabase Server Version9.0.4
IngresDatabase Server Versionr3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.36% 0.272
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/25756
http://secunia.com/advisories/25775
http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp
Patch
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
http://www.securityfocus.com/bid/24585
http://www.vupen.com/english/advisories/2007/2288
http://www.vupen.com/english/advisories/2007/2290
http://osvdb.org/37485
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451
http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/
http://www.securityfocus.com/archive/1/472200/100/0/threaded