CVE-2007-3336

CA Advantage Ingres 2.6 - Multiple Buffer Overflow Vulnerabilities (PoC)

  • Severity Score: 10.0 (CVSS v2)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.

Computer Associates Advantage Ingres version 2.6 suffers from multiple denial of service vulnerabilities.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2007-06-21 CVE Reserved
  • 2007-06-22 CVE Published
  • 2010-08-14 First Exploit
  • 2024-08-07 CVE Updated
  • 2024-09-25 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Ingres | Database Server | 2.5 | - | Affected
Ingres | Database Server | 2.6 | - | Affected
Ingres | Database Server | 9.0.4 | - | Affected
Ingres | Database Server | r3 | - | Affected