Vulnerabilities > CVE-2007-3336 - Remote vulnerability in Ingress Database Server

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
ingres
critical
exploit available

Summary

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.

Exploit-Db

descriptionCA Advantage Ingres 2.6 Multiple Buffer Overflow Vulnerabilities PoC. CVE-2007-3336,CVE-2007-3336. Dos exploit for windows platform
idEDB-ID:14646
last seen2016-02-01
modified2010-08-14
published2010-08-14
reporterfdiskyou
sourcehttps://www.exploit-db.com/download/14646/
titleCA Advantage Ingres 2.6 - Multiple Buffer Overflow Vulnerabilities PoC

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/92818/caadvantageingres-dos.txt
idPACKETSTORM:92818
last seen2016-12-05
published2010-08-17
reporterfdisk
sourcehttps://packetstormsecurity.com/files/92818/Computer-Associates-Advantage-Ingres-2.6-Denial-Of-Service.html
titleComputer Associates Advantage Ingres 2.6 Denial Of Service

Seebug

  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:69601
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-69601
    titleCA Advantage Ingres 2.6 - Multiple Buffer Overflow Vulnerabilities PoC
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:83664
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-83664
    titleIngress Database Server 2.6 - Multiple Remote Vulnerabilities