Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3357

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2008-3357
Last Modified 07 Mar 2011 10:10:39
Published 05 Aug 2008 03:41:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-3357

Summary

Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability."

Vulnerable Systems

Application

  • Ingres 2.6

  • Ingres 2006


References

CONFIRM - https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989

XF - ingres-ingvalidpw-code-execution(44181)

VUPEN - ADV-2008-2313

VUPEN - ADV-2008-2292

BID - 30512

BUGTRAQ - 20080806 CA Products That Embed Ingres Multiple Vulnerabilities

CONFIRM - http://www.ingres.com/support/security-alert-080108.php

SECTRACK - 1020614

SECUNIA - 31398

SECUNIA - 31357

IDEFENSE - 20080801 Ingres Database for Linux ingvalidpw Untrusted Library Path Vulnerability


Last Updated: 27 May 2016 10:48:10