CVE-2007-3336

Published: 22/06/2007 Updated: 16/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote malicious users to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.

Vulnerable Product

ingres database server 9.0.4

ingres database server r3

ingres database server 2.5

ingres database server 2.6

Exploits

# Exploit Title: Computer Associates Advantage Ingres 26 Multiple Buffer Overflow Vulnerabilities PoC
# Date: 2010-08-14
# Author: @fdiskyou
# e-mail: rui at deniableorg
# Version: 26
# Tested on: Windows 2003 Server SP1 en
# CVE: CVE-2007-3336 - CVE-2007-3338
# Notes: Fixed in the last version
# iigcc - EDX holds a pointer that's overwritten a ...
Computer Associates Advantage Ingres version 26 suffers from multiple denial of service vulnerabilities ...