Vulnerabilities related to ingres - ingres
Vulnerability from fkie_nvd
Published
2008-08-05 19:41
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport.
References
cve@mitre.org http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732 Broken Link
cve@mitre.org http://secunia.com/advisories/31357 Third Party Advisory
cve@mitre.org http://secunia.com/advisories/31398 Third Party Advisory
cve@mitre.org http://securitytracker.com/id?1020615 Third Party Advisory, VDB Entry
cve@mitre.org http://www.ingres.com/support/security-alert-080108.php Broken Link
cve@mitre.org http://www.securityfocus.com/archive/1/495177/100/0/threaded
cve@mitre.org http://www.securityfocus.com/bid/30512 Third Party Advisory, VDB Entry
cve@mitre.org http://www.vupen.com/english/advisories/2008/2292 Third Party Advisory
cve@mitre.org http://www.vupen.com/english/advisories/2008/2313 Third Party Advisory
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/44179 Third Party Advisory, VDB Entry
cve@mitre.org https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989 Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732 Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/31357 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/31398 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1020615 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.ingres.com/support/security-alert-080108.php Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/495177/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/30512 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2008/2292 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2008/2313 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/44179 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989 Broken Link
Impacted products
Vendor Product Version
hp hp-ux *
linux linux_kernel *
ingres ingres 2.6
ingres ingres 2006
ingres ingres 2006



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE11A92-56B9-43A2-9E3D-D511AE713F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2006:9.0.4:*:*:*:*:*:*",
              "matchCriteriaId": "D988634E-4C81-457B-AA97-9C55575E9DB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2006:9.1.0:*:*:*:*:*:*",
              "matchCriteriaId": "708FD550-E400-4973-979B-3D9932EBFC80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en la librer\u00eda libbecompat en Ingres 2.6, Ingres 2006 versi\u00f3n 1 (alias 9.0.4), y Ingres 2006 versi\u00f3n 2 (alias 9.1.0) en Linux y HP-UX que permite a los usuarios locales aumentar sus privilegios estableciendo un valor largo de una variable de entorno antes de ejecutar (1) verifydb, (2) iimerge, or (3) csreport."
    }
  ],
  "evaluatorImpact": "\"Exploitation of this vulnerability allows an attacker to execute arbitrary code with the privileges of the \"ingres\" user. By itself, this vulnerability does not have very serious consequences. However, when combined with the library loading vulnerability, it allows an attacker to execute arbitrary code with root privileges. \" (iDefense)",
  "evaluatorSolution": "\"Fixes are available for the current release of Ingres 2006 release 2 (9.1.0), for Ingres 2006 release 1 (9.0.4), and for Ingres 2.6 versions on their respective platforms. The security fixes are available and can be quickly applied with little to no anticipated impact to systems.\r\n\r\nIngres customers with a current support contract can review the following knowledge base document for information on downloading the available fixes:\r\nhttp://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:416012+HTMPL=kt_document_view.htmpl\r\n\r\n(ingres.com)",
  "id": "CVE-2008-3389",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-08-05T19:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31357"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31398"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1020615"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.ingres.com/support/security-alert-080108.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/30512"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2292"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2313"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44179"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31357"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/31398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1020615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.ingres.com/support/security-alert-080108.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/30512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-08-05 19:41
Modified
2025-04-09 00:30
Severity ?
Summary
verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.
References
cve@mitre.org http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731
cve@mitre.org http://secunia.com/advisories/31357 Vendor Advisory
cve@mitre.org http://secunia.com/advisories/31398
cve@mitre.org http://securitytracker.com/id?1020613
cve@mitre.org http://www.ingres.com/support/security-alert-080108.php
cve@mitre.org http://www.securityfocus.com/archive/1/495177/100/0/threaded
cve@mitre.org http://www.securityfocus.com/bid/30512
cve@mitre.org http://www.vupen.com/english/advisories/2008/2292
cve@mitre.org http://www.vupen.com/english/advisories/2008/2313
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/44177
cve@mitre.org https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989
af854a3a-2127-422b-91ae-364da2661108 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/31357 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/31398
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1020613
af854a3a-2127-422b-91ae-364da2661108 http://www.ingres.com/support/security-alert-080108.php
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/495177/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/30512
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2008/2292
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2008/2313
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/44177
af854a3a-2127-422b-91ae-364da2661108 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989
Impacted products
Vendor Product Version
ingres ingres 2.6
ingres ingres 2006
ingres ingres 2006
ingres ingres 2006
ingres ingres 2006



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE11A92-56B9-43A2-9E3D-D511AE713F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2006:9.0.1:*:*:*:*:*:*",
              "matchCriteriaId": "8CEFDCDD-7D4B-442C-8CD4-D22CA5F4DD35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2006:9.0.4:*:*:*:*:*:*",
              "matchCriteriaId": "D988634E-4C81-457B-AA97-9C55575E9DB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2006:release_1:*:*:*:*:*:*",
              "matchCriteriaId": "A99FF96C-A88B-4AE2-BA8B-C16D2F88C606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2006:release_2:*:*:*:*:*:*",
              "matchCriteriaId": "02D8FAC9-5887-4B0D-BB95-0704D763B6A8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application\u0027s own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename."
    },
    {
      "lang": "es",
      "value": "verifydb en Ingres 2.6, Ingres 2006 versi\u00f3n 1 (alias 9.0.4), y Ingres 2006 versi\u00f3n 2 (alias 9.1.0) en Linux y otras plataformas Unix que establece la propiedad o permisos del archivo iivdb.log, sin verificar que es el archivo log propio de la aplicaci\u00f3n, lo que permite a los usuarios sobrescribir arbitrariamente archivos creando un enlace simb\u00f3lico con un nombre de archivo iivdb.log."
    }
  ],
  "evaluatorComment": "This vulnerability affects all platforms except VMS and Windows",
  "evaluatorImpact": "\"Exploitation of this vulnerability allows an attacker to overwrite arbitrary files owned by the \"ingres\" user. By itself, this vulnerability does not have very serious consequences. However, when combined with the library loading vulnerability, it allows an attacker to execute arbitrary code with root privileges. \" (iDefense)\r\n\r\n",
  "evaluatorSolution": "Fixes are available for the current release of Ingres 2006 release 2 (9.1.0), for Ingres 2006 release 1 (9.0.4), and for Ingres 2.6 versions on their respective platforms. The security fixes are available and can be quickly applied with little to no anticipated impact to systems. \r\n\r\nIngres customers with a current support contract can review the following knowledge base document for information on downloading the available fixes:\r\nhttp://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:416012+HTMPL=kt_document_view.htmpl\r\n\r\n(ingres.com)",
  "id": "CVE-2008-3356",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-08-05T19:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31357"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31398"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1020613"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ingres.com/support/security-alert-080108.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/30512"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2292"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2313"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44177"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31357"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1020613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ingres.com/support/security-alert-080108.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/30512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-12-20 23:46
Modified
2025-04-09 00:30
Severity ?
Summary
Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.
References
cve@mitre.org http://secunia.com/advisories/28183 Patch, Vendor Advisory
cve@mitre.org http://secunia.com/advisories/28187 Patch, Vendor Advisory
cve@mitre.org http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp
cve@mitre.org http://www.ingres.com/support/security-alertDec17.php
cve@mitre.org http://www.osvdb.org/39358
cve@mitre.org http://www.securityfocus.com/archive/1/485448/100/0/threaded
cve@mitre.org http://www.securityfocus.com/bid/26959 Patch
cve@mitre.org http://www.securitytracker.com/id?1019134
cve@mitre.org http://www.vupen.com/english/advisories/2007/4303
cve@mitre.org http://www.vupen.com/english/advisories/2007/4304
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/28183 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/28187 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp
af854a3a-2127-422b-91ae-364da2661108 http://www.ingres.com/support/security-alertDec17.php
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/39358
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/485448/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/26959 Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1019134
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2007/4303
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2007/4304
Impacted products
Vendor Product Version
microsoft windows_nt *
ingres ingres 2.5
ingres ingres 2.6



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED27882B-A02A-4D5F-9117-A47976C676E0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "43A75B42-4739-4E98-A6B9-704B51BD59EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE11A92-56B9-43A2-9E3D-D511AE713F45",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges."
    },
    {
      "lang": "es",
      "value": "Ingres 2.5 y 2.6 para Windows, usados en m\u00faltiples productos CA y posiblemente otros, asigna los privilegios y la identidad de los usuarios para que sean la misma que el primer usuario, lo cual permite a atacantes remotos obtener privilegios."
    }
  ],
  "id": "CVE-2007-6334",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-12-20T23:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28183"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28187"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ingres.com/support/security-alertDec17.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/39358"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26959"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019134"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4303"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4304"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ingres.com/support/security-alertDec17.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/39358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4303"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4304"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2007-6334 (GCVE-0-2007-6334)
Vulnerability from cvelistv5
Published
2007-12-20 23:00
Modified
2024-08-07 16:02
Severity ?
CWE
  • n/a
Summary
Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.
References
http://www.vupen.com/english/advisories/2007/4303 vdb-entry, x_refsource_VUPEN
http://www.securitytracker.com/id?1019134 vdb-entry, x_refsource_SECTRACK
http://www.osvdb.org/39358 vdb-entry, x_refsource_OSVDB
http://www.ingres.com/support/security-alertDec17.php x_refsource_CONFIRM
http://secunia.com/advisories/28187 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/26959 vdb-entry, x_refsource_BID
http://secunia.com/advisories/28183 third-party-advisory, x_refsource_SECUNIA
http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/4304 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/485448/100/0/threaded mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:02:36.365Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-4303",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4303"
          },
          {
            "name": "1019134",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019134"
          },
          {
            "name": "39358",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/39358"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ingres.com/support/security-alertDec17.php"
          },
          {
            "name": "28187",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28187"
          },
          {
            "name": "26959",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26959"
          },
          {
            "name": "28183",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28183"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
          },
          {
            "name": "ADV-2007-4304",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4304"
          },
          {
            "name": "20071221 [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-12-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-4303",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4303"
        },
        {
          "name": "1019134",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019134"
        },
        {
          "name": "39358",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/39358"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ingres.com/support/security-alertDec17.php"
        },
        {
          "name": "28187",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28187"
        },
        {
          "name": "26959",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26959"
        },
        {
          "name": "28183",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28183"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
        },
        {
          "name": "ADV-2007-4304",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4304"
        },
        {
          "name": "20071221 [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6334",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-4303",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4303"
            },
            {
              "name": "1019134",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019134"
            },
            {
              "name": "39358",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/39358"
            },
            {
              "name": "http://www.ingres.com/support/security-alertDec17.php",
              "refsource": "CONFIRM",
              "url": "http://www.ingres.com/support/security-alertDec17.php"
            },
            {
              "name": "28187",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28187"
            },
            {
              "name": "26959",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26959"
            },
            {
              "name": "28183",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28183"
            },
            {
              "name": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp",
              "refsource": "CONFIRM",
              "url": "http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"
            },
            {
              "name": "ADV-2007-4304",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4304"
            },
            {
              "name": "20071221 [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/485448/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6334",
    "datePublished": "2007-12-20T23:00:00",
    "dateReserved": "2007-12-13T00:00:00",
    "dateUpdated": "2024-08-07T16:02:36.365Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-3389 (GCVE-0-2008-3389)
Vulnerability from cvelistv5
Published
2008-08-05 19:20
Modified
2024-08-07 09:37
Severity ?
CWE
  • n/a
Summary
Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:37:26.380Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1020615",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020615"
          },
          {
            "name": "20080801 Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ingres.com/support/security-alert-080108.php"
          },
          {
            "name": "ADV-2008-2292",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2292"
          },
          {
            "name": "31398",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31398"
          },
          {
            "name": "ADV-2008-2313",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2313"
          },
          {
            "name": "31357",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31357"
          },
          {
            "name": "ingres-libbecompat-bo(44179)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44179"
          },
          {
            "name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
          },
          {
            "name": "30512",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30512"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1020615",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020615"
        },
        {
          "name": "20080801 Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ingres.com/support/security-alert-080108.php"
        },
        {
          "name": "ADV-2008-2292",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2292"
        },
        {
          "name": "31398",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31398"
        },
        {
          "name": "ADV-2008-2313",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2313"
        },
        {
          "name": "31357",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31357"
        },
        {
          "name": "ingres-libbecompat-bo(44179)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44179"
        },
        {
          "name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
        },
        {
          "name": "30512",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30512"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3389",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1020615",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020615"
            },
            {
              "name": "20080801 Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732"
            },
            {
              "name": "http://www.ingres.com/support/security-alert-080108.php",
              "refsource": "CONFIRM",
              "url": "http://www.ingres.com/support/security-alert-080108.php"
            },
            {
              "name": "ADV-2008-2292",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2292"
            },
            {
              "name": "31398",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31398"
            },
            {
              "name": "ADV-2008-2313",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2313"
            },
            {
              "name": "31357",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31357"
            },
            {
              "name": "ingres-libbecompat-bo(44179)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44179"
            },
            {
              "name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
            },
            {
              "name": "30512",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30512"
            },
            {
              "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989",
              "refsource": "CONFIRM",
              "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3389",
    "datePublished": "2008-08-05T19:20:00",
    "dateReserved": "2008-07-30T00:00:00",
    "dateUpdated": "2024-08-07T09:37:26.380Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-3356 (GCVE-0-2008-3356)
Vulnerability from cvelistv5
Published
2008-08-05 19:20
Modified
2024-08-07 09:37
Severity ?
CWE
  • n/a
Summary
verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:37:26.794Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ingres.com/support/security-alert-080108.php"
          },
          {
            "name": "ADV-2008-2292",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2292"
          },
          {
            "name": "31398",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31398"
          },
          {
            "name": "1020613",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020613"
          },
          {
            "name": "ADV-2008-2313",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2313"
          },
          {
            "name": "31357",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31357"
          },
          {
            "name": "ingres-verifydb-symlink(44177)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44177"
          },
          {
            "name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
          },
          {
            "name": "30512",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30512"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
          },
          {
            "name": "20080801 Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application\u0027s own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ingres.com/support/security-alert-080108.php"
        },
        {
          "name": "ADV-2008-2292",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2292"
        },
        {
          "name": "31398",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31398"
        },
        {
          "name": "1020613",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020613"
        },
        {
          "name": "ADV-2008-2313",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2313"
        },
        {
          "name": "31357",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31357"
        },
        {
          "name": "ingres-verifydb-symlink(44177)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44177"
        },
        {
          "name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
        },
        {
          "name": "30512",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30512"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
        },
        {
          "name": "20080801 Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3356",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application\u0027s own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ingres.com/support/security-alert-080108.php",
              "refsource": "CONFIRM",
              "url": "http://www.ingres.com/support/security-alert-080108.php"
            },
            {
              "name": "ADV-2008-2292",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2292"
            },
            {
              "name": "31398",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31398"
            },
            {
              "name": "1020613",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020613"
            },
            {
              "name": "ADV-2008-2313",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2313"
            },
            {
              "name": "31357",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31357"
            },
            {
              "name": "ingres-verifydb-symlink(44177)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44177"
            },
            {
              "name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
            },
            {
              "name": "30512",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30512"
            },
            {
              "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989",
              "refsource": "CONFIRM",
              "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
            },
            {
              "name": "20080801 Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3356",
    "datePublished": "2008-08-05T19:20:00",
    "dateReserved": "2008-07-28T00:00:00",
    "dateUpdated": "2024-08-07T09:37:26.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}