4.6

CVE-2008-3356

verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IngresIngres Version2.6
IngresIngres Version2006 Update9.0.1
IngresIngres Version2006 Update9.0.4
IngresIngres Version2006 Updaterelease_1
IngresIngres Version2006 Updaterelease_2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.37% 0.291
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731
http://secunia.com/advisories/31357
Vendor Advisory
http://secunia.com/advisories/31398
http://securitytracker.com/id?1020613
http://www.ingres.com/support/security-alert-080108.php
http://www.securityfocus.com/archive/1/495177/100/0/threaded
http://www.securityfocus.com/bid/30512
http://www.vupen.com/english/advisories/2008/2292
http://www.vupen.com/english/advisories/2008/2313
https://exchange.xforce.ibmcloud.com/vulnerabilities/44177
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989