4.6

CVE-2008-3356

EPSS 0.05%
Published 05.08.2008 19:41:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.

Affected products Warnungen 0 Metrics 2 CWE 0 References 14

Data is provided by the National Vulnerability Database (NVD)

Ingres ≫ Ingres Version2.6

Ingres ≫ Ingres Version2006 Update9.0.1

Ingres ≫ Ingres Version2006 Update9.0.4

Ingres ≫ Ingres Version2006 Updaterelease_1

Ingres ≫ Ingres Version2006 Updaterelease_2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.107

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731

http://secunia.com/advisories/31357

Vendor Advisory

http://secunia.com/advisories/31398

http://securitytracker.com/id?1020613

http://www.ingres.com/support/security-alert-080108.php

http://www.securityfocus.com/archive/1/495177/100/0/threaded

http://www.securityfocus.com/bid/30512

http://www.vupen.com/english/advisories/2008/2292

http://www.vupen.com/english/advisories/2008/2313

https://exchange.xforce.ibmcloud.com/vulnerabilities/44177

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989

https://nvd.nist.gov/vuln/detail/CVE-2008-3356

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3356

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3356

EUVD