CVE-2007-3336

CA Advantage Ingres 2.6 - Multiple Buffer Overflow Vulnerabilities (PoC)

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.

Múltiples vulnerabilidades "pointer overwrite" en Ingres database server 2006 versiones 9.0.4, r3, 2.6 y 2.5, tal como se usa en varios productos de CA (anteriormente Computer Associates), permiten a los atacantes remotos ejecutar código arbitrario mediante el envío de ciertos datos TCP en diferentes momentos hacia Ingres Communications Server Process (iigcc), que llama a las funciones (1) QUinsert o (2) QUremove con entrada controlada por el atacante.

Computer Associates Advantage Ingres version 2.6 suffers from multiple denial of service vulnerabilities.

*Credits: N/A

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-06-21 CVE Reserved
2007-06-22 CVE Published
2010-08-14 First Exploit
2024-08-07 CVE Updated
2024-09-25 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (15)

URL	Tag	Source
http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html	Mailing List
http://osvdb.org/37486	Vdb Entry
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778	X_refsource_confirm
http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1	X_refsource_misc
http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2	X_refsource_misc
http://www.securityfocus.com/archive/1/472193/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/24585	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/34993	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/35000	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/14646	2010-08-14

URL	Date	SRC
http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp	2018-10-16

URL	Date	SRC
http://secunia.com/advisories/25756	2018-10-16
http://secunia.com/advisories/25775	2018-10-16
http://www.vupen.com/english/advisories/2007/2288	2018-10-16
http://www.vupen.com/english/advisories/2007/2290	2018-10-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ingres Search vendor "Ingres"		Database Server Search vendor "Ingres" for product "Database Server"				2.5 Search vendor "Ingres" for product "Database Server" and version "2.5"		-		Affected
Ingres Search vendor "Ingres"		Database Server Search vendor "Ingres" for product "Database Server"				2.6 Search vendor "Ingres" for product "Database Server" and version "2.6"		-		Affected
Ingres Search vendor "Ingres"		Database Server Search vendor "Ingres" for product "Database Server"				9.0.4 Search vendor "Ingres" for product "Database Server" and version "9.0.4"		-		Affected
Ingres Search vendor "Ingres"		Database Server Search vendor "Ingres" for product "Database Server"				r3 Search vendor "Ingres" for product "Database Server" and version "r3"		-		Affected