AI Score: 8.2 High (Confidence: Low)
CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.736 High (Percentile: 98.0%)

Multiple “pointer overwrite” vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.

CPE

Name | Operator | Version |
---|---|---|
database_server | eq | 2.5 |
database_server | eq | 2.6 |
database_server | eq | 9.0.4 |
database_server | eq | 3.0.114 |

archives.neohapsis.com/archives/bugtraq/2007-06/0302.html
osvdb.org/37486
secunia.com/advisories/25756
secunia.com/advisories/25775
supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp
www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/
www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/
www.securityfocus.com/archive/1/472193/100/0/threaded
www.securityfocus.com/bid/24585
www.vupen.com/english/advisories/2007/2288
www.vupen.com/english/advisories/2007/2290
exchange.xforce.ibmcloud.com/vulnerabilities/34993
exchange.xforce.ibmcloud.com/vulnerabilities/35000