CyberSec.Space Logo
CVEブラウザに戻る

CVE-2007-3336

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1860%
EPSS Percentile8.33th
Published2007年6月22日
Last Modified2026年4月23日

Vulnerability Description

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.

Affected Platforms (CPE)

📦
Ingres

Database Server

= 2.5
📦
Ingres

Database Server

= 2.6
📦
Ingres

Database Server

= 9.0.4
📦
Ingres

Database Server

= r3

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html
🔗 http://osvdb.org/37486
🔗 http://secunia.com/advisories/25756
🔗 http://secunia.com/advisories/25775
🔗 http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp
🔗 http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
🔗 http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/
🔗 http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/

関連する脆弱性情報

CVE-2020-2949310.0

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthentic...

CVE-2020-677910.0

Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 a...

CVE-2017-234310.0

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to ...

CVE-1999-000310.0

Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).