4.6

CVE-2008-3389

Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IngresIngres Version2.6
   HpHp-ux
   LinuxLinux Kernel
IngresIngres Version2006 Update9.0.4
   HpHp-ux
   LinuxLinux Kernel
IngresIngres Version2006 Update9.1.0
   HpHp-ux
   LinuxLinux Kernel
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.44% 0.353
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/31357
Third Party Advisory
http://secunia.com/advisories/31398
Third Party Advisory
http://www.ingres.com/support/security-alert-080108.php
Broken Link
http://www.securityfocus.com/archive/1/495177/100/0/threaded
http://www.securityfocus.com/bid/30512
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2008/2292
Third Party Advisory
http://www.vupen.com/english/advisories/2008/2313
Third Party Advisory
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989
Broken Link
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732
Broken Link
http://securitytracker.com/id?1020615
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/44179
Third Party Advisory
VDB Entry