4.6
CVE-2008-3356
- EPSS 0.37%
- Veröffentlicht 05.08.2008 19:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.291 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731
http://secunia.com/advisories/31357
http://secunia.com/advisories/31398
http://securitytracker.com/id?1020613
http://www.ingres.com/support/security-alert-080108.php
http://www.securityfocus.com/archive/1/495177/100/0/threaded
http://www.securityfocus.com/bid/30512
http://www.vupen.com/english/advisories/2008/2292
http://www.vupen.com/english/advisories/2008/2313
https://exchange.xforce.ibmcloud.com/vulnerabilities/44177
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989