4.6

CVE-2008-3356

EPSS 0.05%
Veröffentlicht 05.08.2008 19:41:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ingres ≫ Ingres Version2.6

Ingres ≫ Ingres Version2006 Update9.0.1

Ingres ≫ Ingres Version2006 Update9.0.4

Ingres ≫ Ingres Version2006 Updaterelease_1

Ingres ≫ Ingres Version2006 Updaterelease_2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.107

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731

http://secunia.com/advisories/31357

Vendor Advisory

http://secunia.com/advisories/31398

http://securitytracker.com/id?1020613

http://www.ingres.com/support/security-alert-080108.php

http://www.securityfocus.com/archive/1/495177/100/0/threaded

http://www.securityfocus.com/bid/30512

http://www.vupen.com/english/advisories/2008/2292

http://www.vupen.com/english/advisories/2008/2313

https://exchange.xforce.ibmcloud.com/vulnerabilities/44177

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989

https://nvd.nist.gov/vuln/detail/CVE-2008-3356

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3356

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3356

EUVD