CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
5.1%
wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file.
Vendor | Product | Version | CPE |
---|---|---|---|
ingres | database_server | 2.5 | cpe:2.3:a:ingres:database_server:2.5:*:*:*:*:*:*:* |
ingres | database_server | 2.6 | cpe:2.3:a:ingres:database_server:2.6:*:*:*:*:*:*:* |
ingres | database_server | 9.0.4 | cpe:2.3:a:ingres:database_server:9.0.4:*:*:*:*:*:*:* |
ingres | database_server | r3 | cpe:2.3:a:ingres:database_server:r3:*:*:*:*:*:*:* |
osvdb.org/37485
secunia.com/advisories/25756
secunia.com/advisories/25775
supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp
www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451
www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-file-truncation/
www.securityfocus.com/archive/1/472200/100/0/threaded
www.securityfocus.com/bid/24585
www.vupen.com/english/advisories/2007/2288
www.vupen.com/english/advisories/2007/2290