Lucene search

[email protected]CVE-2008-3357

HistoryAug 05, 2008 - 7:41 p.m.

CVE-2008-3357

2008-08-0519:41:00

CWE-426

[email protected]

web.nvd.nist.gov

cve

2008

3357

ingres

vulnerability

linux

hp-ux

shared library

pointer overwrite

6.5 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a “pointer overwrite vulnerability.”

CPENameOperatorVersion
actian:ingresactian ingreseq2.6
actian:ingresactian ingreseq9.0.4
actian:ingresactian ingreseq9.1.0

CPE	Name	Operator	Version
actian:ingres	actian ingres	eq	2.6
actian:ingres	actian ingres	eq	9.0.4
actian:ingres	actian ingres	eq	9.1.0

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=733

secunia.com/advisories/31357

secunia.com/advisories/31398

securitytracker.com/id?1020614

www.ingres.com/support/security-alert-080108.php

www.securityfocus.com/archive/1/495177/100/0/threaded

www.securityfocus.com/bid/30512

www.vupen.com/english/advisories/2008/2292

www.vupen.com/english/advisories/2008/2313

exchange.xforce.ibmcloud.com/vulnerabilities/44181

support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989

6.5 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2008-3357

cvelist1 prion1 securityvulns5 seebug1