ByteOS Network

NVD Vulnerability Details :

CVE-2007-3336

Modified

Source-cve@mitre.org

Published At-22 Jun, 2007 | 18:30

Updated At-16 Oct, 2018 | 16:48

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C

Type: Primary

Version: 2.0

Base score: 10.0

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

ingres>>database_server>>2.5

cpe:2.3:a:ingres:database_server:2.5:*:*:*:*:*:*:*

ingres>>database_server>>2.6

cpe:2.3:a:ingres:database_server:2.6:*:*:*:*:*:*:*

ingres>>database_server>>9.0.4

cpe:2.3:a:ingres:database_server:9.0.4:*:*:*:*:*:*:*

ingres>>database_server>>r3

cpe:2.3:a:ingres:database_server:r3:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html	cve@mitre.org	N/A
http://osvdb.org/37486	cve@mitre.org	N/A
http://secunia.com/advisories/25756	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/25775	cve@mitre.org	Vendor Advisory
http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp	cve@mitre.org	Patch
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778	cve@mitre.org	N/A
http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/	cve@mitre.org	N/A
http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/472193/100/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/bid/24585	cve@mitre.org	N/A
http://www.vupen.com/english/advisories/2007/2288	cve@mitre.org	Vendor Advisory
http://www.vupen.com/english/advisories/2007/2290	cve@mitre.org	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/34993	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/35000	cve@mitre.org	N/A