CVE-2007-3337

2007-06-2218:30:00

mitre

web.nvd.nist.gov

cve-2007-3337

ingres database server

symlink attack

file truncation

nvd

computer associates products

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

Percentile

5.1%

JSON

wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file.

Affected configurations

Nvd

Node

ingresdatabase_serverMatch2.5

ingresdatabase_serverMatch2.6

ingresdatabase_serverMatch9.0.4

ingresdatabase_serverMatchr3

VendorProductVersionCPE
ingresdatabase_server2.5cpe:2.3:a:ingres:database_server:2.5:*:*:*:*:*:*:*
ingresdatabase_server2.6cpe:2.3:a:ingres:database_server:2.6:*:*:*:*:*:*:*
ingresdatabase_server9.0.4cpe:2.3:a:ingres:database_server:9.0.4:*:*:*:*:*:*:*
ingresdatabase_serverr3cpe:2.3:a:ingres:database_server:r3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ingres	database_server	2.5	cpe:2.3:a:ingres:database_server:2.5:::::::*
ingres	database_server	2.6	cpe:2.3:a:ingres:database_server:2.6:::::::*
ingres	database_server	9.0.4	cpe:2.3:a:ingres:database_server:9.0.4:::::::*
ingres	database_server	r3	cpe:2.3:a:ingres:database_server:r3:::::::*