Vulnerabilities > CVE-2007-3336 - Remote vulnerability in Ingress Database Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Exploit-Db
description | CA Advantage Ingres 2.6 Multiple Buffer Overflow Vulnerabilities PoC. CVE-2007-3336,CVE-2007-3336. Dos exploit for windows platform |
id | EDB-ID:14646 |
last seen | 2016-02-01 |
modified | 2010-08-14 |
published | 2010-08-14 |
reporter | fdiskyou |
source | https://www.exploit-db.com/download/14646/ |
title | CA Advantage Ingres 2.6 - Multiple Buffer Overflow Vulnerabilities PoC |
Packetstorm
data source | https://packetstormsecurity.com/files/download/92818/caadvantageingres-dos.txt |
id | PACKETSTORM:92818 |
last seen | 2016-12-05 |
published | 2010-08-17 |
reporter | fdisk |
source | https://packetstormsecurity.com/files/92818/Computer-Associates-Advantage-Ingres-2.6-Denial-Of-Service.html |
title | Computer Associates Advantage Ingres 2.6 Denial Of Service |
Seebug
bulletinFamily exploit description No description provided by source. id SSV:69601 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-69601 title CA Advantage Ingres 2.6 - Multiple Buffer Overflow Vulnerabilities PoC bulletinFamily exploit description No description provided by source. id SSV:83664 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-83664 title Ingress Database Server 2.6 - Multiple Remote Vulnerabilities
References
- http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html
- http://osvdb.org/37486
- http://secunia.com/advisories/25756
- http://secunia.com/advisories/25775
- http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp
- http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
- http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/
- http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/
- http://www.securityfocus.com/archive/1/472193/100/0/threaded
- http://www.securityfocus.com/bid/24585
- http://www.vupen.com/english/advisories/2007/2288
- http://www.vupen.com/english/advisories/2007/2290
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34993
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35000