Vulnerabilities > CVE-2007-3337 - Remote vulnerability in Ingress Database Server
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/92818/caadvantageingres-dos.txt |
| id | PACKETSTORM:92818 |
| last seen | 2016-12-05 |
| published | 2010-08-17 |
| reporter | fdisk |
| source | https://packetstormsecurity.com/files/92818/Computer-Associates-Advantage-Ingres-2.6-Denial-Of-Service.html |
| title | Computer Associates Advantage Ingres 2.6 Denial Of Service |
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:83664 |
| last seen | 2017-11-19 |
| modified | 2014-07-01 |
| published | 2014-07-01 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-83664 |
| title | Ingress Database Server 2.6 - Multiple Remote Vulnerabilities |
References
- http://osvdb.org/37485
- http://secunia.com/advisories/25756
- http://secunia.com/advisories/25775
- http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp
- http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
- http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451
- http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/
- http://www.securityfocus.com/archive/1/472200/100/0/threaded
- http://www.securityfocus.com/bid/24585
- http://www.vupen.com/english/advisories/2007/2288
- http://www.vupen.com/english/advisories/2007/2290