cvelistv5 - cve-2007-3336

CVE-2007-3336 (GCVE-0-2007-3336)

Vulnerability from cvelistv5

Published

2007-06-22 18:00

Modified

2024-08-07 14:14

Severity ?

CWE

Summary

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.

References

URL

Tags

	http://www.vupen.com/english/advisories/2007/2288	vdb-entry, x_refsource_VUPEN
	http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778	x_refsource_CONFIRM
	http://secunia.com/advisories/25756	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/25775	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/2290	vdb-entry, x_refsource_VUPEN
	http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/34993	vdb-entry, x_refsource_XF
	https://exchange.xforce.ibmcloud.com/vulnerabilities/35000	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/bid/24585	vdb-entry, x_refsource_BID
	http://osvdb.org/37486	vdb-entry, x_refsource_OSVDB
	http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html	mailing-list, x_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/472193/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/	x_refsource_MISC
	http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:14:12.898Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2288",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2288"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
          },
          {
            "name": "25756",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25756"
          },
          {
            "name": "25775",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25775"
          },
          {
            "name": "ADV-2007-2290",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2290"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
          },
          {
            "name": "ingres-unspecified-code-execution(34993)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
          },
          {
            "name": "ingres-pointer-code-execution(35000)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
          },
          {
            "name": "24585",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24585"
          },
          {
            "name": "37486",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37486"
          },
          {
            "name": "20070625 Ingres Unauthenticated Pointer Overwrite 1",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
          },
          {
            "name": "20070625 Ingres Unauthenticated Pointer Overwrite 2",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple \"pointer overwrite\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2288",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2288"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
        },
        {
          "name": "25756",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25756"
        },
        {
          "name": "25775",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25775"
        },
        {
          "name": "ADV-2007-2290",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2290"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
        },
        {
          "name": "ingres-unspecified-code-execution(34993)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
        },
        {
          "name": "ingres-pointer-code-execution(35000)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
        },
        {
          "name": "24585",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24585"
        },
        {
          "name": "37486",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37486"
        },
        {
          "name": "20070625 Ingres Unauthenticated Pointer Overwrite 1",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
        },
        {
          "name": "20070625 Ingres Unauthenticated Pointer Overwrite 2",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3336",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple \"pointer overwrite\" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2288",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2288"
            },
            {
              "name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778",
              "refsource": "CONFIRM",
              "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"
            },
            {
              "name": "25756",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25756"
            },
            {
              "name": "25775",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25775"
            },
            {
              "name": "ADV-2007-2290",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2290"
            },
            {
              "name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp",
              "refsource": "CONFIRM",
              "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"
            },
            {
              "name": "ingres-unspecified-code-execution(34993)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34993"
            },
            {
              "name": "ingres-pointer-code-execution(35000)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35000"
            },
            {
              "name": "24585",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24585"
            },
            {
              "name": "37486",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37486"
            },
            {
              "name": "20070625 Ingres Unauthenticated Pointer Overwrite 1",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html"
            },
            {
              "name": "20070625 Ingres Unauthenticated Pointer Overwrite 2",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/472193/100/0/threaded"
            },
            {
              "name": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/",
              "refsource": "MISC",
              "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/"
            },
            {
              "name": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/",
              "refsource": "MISC",
              "url": "http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3336",
    "datePublished": "2007-06-22T18:00:00.000Z",
    "dateReserved": "2007-06-21T00:00:00.000Z",
    "dateUpdated": "2024-08-07T14:14:12.898Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2007-AVI-275

Vulnerability from certfr_avis

De multiples vulnérabilités affectant la base de données Ingres permettent l'exécution de code arbitraire à distance.

Description

Sept vulnérabilités affectant la base de données Ingres ont été rendues publiques. Plusieurs de ces vulnérabilités permettent l'exécution de code arbitraire à distance, sans authentification préalable. L'exploitation d'une de ces vulnérabilités se fait par l'intermédiaire de paquets malformés envoyés aux services iigcc (port 10916/tcp) et iigcd (port 10923/tcp).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Ingres 2006 version 9.0.4 ;
Ingres r3 ;
Ingres 2.6 ;
Ingres 2.5.

Les versions vulnérables d'Ingres sont intégrées dans les produits suivants :

Advantage Data Transformer r2.2 ;
AllFusion Enterprise Workbench r1.1, 1.1 SP1, r7, r7.1 ;
AllFusion Harvest Change Manager r7, r7.1 ;
BrightStor ARCserve Backup v9 (Linux seulement), r11.1, r11.5 (Unix, Linux et Mainframe Linux) ;
BrightStor ARCserve Backup for Laptops and Desktops r11.5 ;
BrightStor Enterprise Backup (Unix seulement) t10.5 ;
BrightStor Storage Command Center r11.5 ;
BrightStor Storage Resource Manager r11.5 ;
CleverPath Aio Business Rules Expert r10.1 ;
CleverPath Predictive Analysis Server r3 ;
DocServer 1.1 ;
eTrust Admin v8, v8.1, r8.1 SP1, r8.1 SP2 ;
eTrust Audit r8 SP2 ;
eTrust Directory r8.1 ;
eTrust IAM Suite r8.0 ;
eTrust IAM Toolkit r8.0, r8.1 ;
eTrust Identity Manager r8.1 ;
eTrust Network Forensics r8.1 ;
eTrust Secure Content Manager r8 ;
eTrust Single Sign-On r7, r8, r8.1 ;
eTrust Web Access Control 1.0 ;
Unicenter Advanced Systems Management r11 ;
Unicenter Asset Intelligence r11 ;
Unicenter Asset Portfolio Management r11 r2.1, r11.3 ;
Unicenter CCS r11 ;
Unicenter Database Command Center r11.1 ;
Unicenter Desktop and Server Management r11 ;
Unicenter Desktop Management Suite r11 ;
Unicenter Enterprise Job Manager r1 SP3, r1 SP4 ;
Unicenter Job Management Option r11 ;
Unicenter Lightweight Portal 2 ;
Unicenter Management Portal r3.1.1 ;
Unicenter Network and Systems Management r3.0, r11 ;
Unicenter Network and Systems Management - Tiered - Multi Platform r3.0 0305, r3.1 0403, r11.0 ;
Unicenter Patch Management r11 ;
Unicenter Remote Control 6, r11 ;
Unicenter Service Accounting r11, r11.1 ;
Unicenter Service Assure r2.2, r11, r11.1 ;
Unicenter Service Catalog r11, r11.1 ;
Unicenter Service Delivery r11.0, r11.1 ;
Unicenter Service Intelligence r11 ;
Unicenter Service Metric Analysis r3.0.2, r3.5, r11, r11.1 ;
Unicenter ServicePlus Service Desk 5.5 SP3, 6.0, 6.0 SP1, r11, r11.1, r11.2 ;
Unicenter Software Delivery r11 ;
Unicenter TNG 2.4, 2.4.2, 2.4.2J ;
Unicenter Workload Control Center r1 SP3, r1 SP4 ;
Unicenter Web Services Distributed Management 3.11, 3.50 ;
Wily SOA Manager 7.1.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité Computer Associates du 21 juin 2007

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eIngres 2006 version 9.0.4 ;\u003c/LI\u003e    \u003cLI\u003eIngres r3 ;\u003c/LI\u003e    \u003cLI\u003eIngres 2.6 ;\u003c/LI\u003e    \u003cLI\u003eIngres 2.5.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eLes versions vuln\u00e9rables d\u0027\u003cSPAN class=\"textit\"\u003eIngres\u003c/SPAN\u003e  sont int\u00e9gr\u00e9es dans les produits suivants :\u003c/P\u003e  \u003cUL\u003e    \u003cLI\u003eAdvantage Data Transformer r2.2 ;\u003c/LI\u003e    \u003cLI\u003eAllFusion Enterprise Workbench r1.1, 1.1 SP1, r7, r7.1    ;\u003c/LI\u003e    \u003cLI\u003eAllFusion Harvest Change Manager r7, r7.1 ;\u003c/LI\u003e    \u003cLI\u003eBrightStor ARCserve Backup v9 (Linux seulement), r11.1,    r11.5 (Unix, Linux et Mainframe Linux) ;\u003c/LI\u003e    \u003cLI\u003eBrightStor ARCserve Backup for Laptops and Desktops r11.5    ;\u003c/LI\u003e    \u003cLI\u003eBrightStor Enterprise Backup (Unix seulement) t10.5 ;\u003c/LI\u003e    \u003cLI\u003eBrightStor Storage Command Center r11.5 ;\u003c/LI\u003e    \u003cLI\u003eBrightStor Storage Resource Manager r11.5 ;\u003c/LI\u003e    \u003cLI\u003eCleverPath Aio Business Rules Expert r10.1 ;\u003c/LI\u003e    \u003cLI\u003eCleverPath Predictive Analysis Server r3 ;\u003c/LI\u003e    \u003cLI\u003eDocServer 1.1 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Admin v8, v8.1, r8.1 SP1, r8.1 SP2 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Audit r8 SP2 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Directory r8.1 ;\u003c/LI\u003e    \u003cLI\u003eeTrust IAM Suite r8.0 ;\u003c/LI\u003e    \u003cLI\u003eeTrust IAM Toolkit r8.0, r8.1 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Identity Manager r8.1 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Network Forensics r8.1 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Secure Content Manager r8 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Single Sign-On r7, r8, r8.1 ;\u003c/LI\u003e    \u003cLI\u003eeTrust Web Access Control 1.0 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Advanced Systems Management r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Asset Intelligence r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Asset Portfolio Management r11 r2.1, r11.3 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter CCS r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Database Command Center r11.1 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Desktop and Server Management r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Desktop Management Suite r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Enterprise Job Manager r1 SP3, r1 SP4 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Job Management Option r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Lightweight Portal 2 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Management Portal r3.1.1 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Network and Systems Management r3.0, r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Network and Systems Management - Tiered - Multi    Platform r3.0 0305, r3.1 0403, r11.0 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Patch Management r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Remote Control 6, r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Service Accounting r11, r11.1 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Service Assure r2.2, r11, r11.1 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Service Catalog r11, r11.1 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Service Delivery r11.0, r11.1 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Service Intelligence r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Service Metric Analysis r3.0.2, r3.5, r11, r11.1    ;\u003c/LI\u003e    \u003cLI\u003eUnicenter ServicePlus Service Desk 5.5 SP3, 6.0, 6.0 SP1,    r11, r11.1, r11.2 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Software Delivery r11 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter TNG 2.4, 2.4.2, 2.4.2J ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Workload Control Center r1 SP3, r1 SP4 ;\u003c/LI\u003e    \u003cLI\u003eUnicenter Web Services Distributed Management 3.11, 3.50    ;\u003c/LI\u003e    \u003cLI\u003eWily SOA Manager 7.1.\u003c/LI\u003e  \u003c/UL\u003e",
  "content": "## Description\n\nSept vuln\u00e9rabilit\u00e9s affectant la base de donn\u00e9es Ingres ont \u00e9t\u00e9 rendues\npubliques. Plusieurs de ces vuln\u00e9rabilit\u00e9s permettent l\u0027ex\u00e9cution de\ncode arbitraire \u00e0 distance, sans authentification pr\u00e9alable.\nL\u0027exploitation d\u0027une de ces vuln\u00e9rabilit\u00e9s se fait par l\u0027interm\u00e9diaire\nde paquets malform\u00e9s envoy\u00e9s aux services iigcc (port 10916/tcp) et\niigcd (port 10923/tcp).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-3338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3338"
    },
    {
      "name": "CVE-2007-3334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3334"
    },
    {
      "name": "CVE-2007-3337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3337"
    },
    {
      "name": "CVE-2007-3336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3336"
    }
  ],
  "initial_release_date": "2007-06-22T00:00:00",
  "last_revision_date": "2007-06-25T00:00:00",
  "links": [],
  "reference": "CERTA-2007-AVI-275",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-06-22T00:00:00.000000"
    },
    {
      "description": "ajout des produits affect\u00e9s int\u00e9grant une version vuln\u00e9rable d\u0027Ingres, ajout des r\u00e9f\u00e9rences CVE et d\u0027un bulletin de s\u00e9curit\u00e9 Computer Associates.",
      "revision_date": "2007-06-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectant la base de donn\u00e9es \u003cspan\nclass=\"textit\"\u003eIngres\u003c/span\u003e permettent l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ingres",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Computer Associates du 21 juin 2007",
      "url": "http://www.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=145778"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-3336 (GCVE-0-2007-3336)

Vulnerability from cvelistv5

CERTA-2007-AVI-275

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature