CVE-2007-3336

Description

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35000

https://exchange.xforce.ibmcloud.com/vulnerabilities/34993

http://www.vupen.com/english/advisories/2007/2290

http://www.vupen.com/english/advisories/2007/2288

http://www.securityfocus.com/bid/24585

http://www.securityfocus.com/archive/1/472193/100/0/threaded

http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/

http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/

http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778

http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp

http://secunia.com/advisories/25775

http://secunia.com/advisories/25756

http://osvdb.org/37486

http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3

EPSS