Lucene search

PRIOn knowledge basePRION:CVE-2008-3389

HistoryAug 05, 2008 - 7:41 p.m.

Stack overflow

2008-08-0519:41:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.4%

JSON

Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport.

CPENameOperatorVersion
ingreseq2.6
ingreseq2006 9.0.4
ingreseq2006 9.1.0

Name	Operator	Version
ingres	eq	2.6
ingres	eq	2006 9.0.4
ingres	eq	2006 9.1.0

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=732

secunia.com/advisories/31357

secunia.com/advisories/31398

securitytracker.com/id?1020615

www.ingres.com/support/security-alert-080108.php

www.securityfocus.com/archive/1/495177/100/0/threaded

www.securityfocus.com/bid/30512

www.vupen.com/english/advisories/2008/2292

www.vupen.com/english/advisories/2008/2313

exchange.xforce.ibmcloud.com/vulnerabilities/44179

support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989

7.5 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.4%

JSON

Related for PRION:CVE-2008-3389