32 matches found
CVE-2007-3338
Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA Computer Associates products, allow remote attackers to execute arbitrary code via the 1 uuidfromchar or 2 duvegetargs functions...
Stack overflow
Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA Computer Associates products, allow remote attackers to execute arbitrary code via the 1 uuidfromchar or 2 duvegetargs functions...
Design/Logic Flaw
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA formerly Computer Associates products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server...
CVE-2007-3336
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA formerly Computer Associates products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server...
CVE-2007-3337
CVE-2007-3337 concerns the Ingres database server (2006 9.0.4 and earlier) used in multiple CA products. A local user can abuse the setuid root binary “wakeup” by creating a symbolic link to the file alarmwkp.def, causing the binary to truncate arbitrary files in the current directory. The issue ...
CVE-2007-3338
Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA Computer Associates products, allow remote attackers to execute arbitrary code via the 1 uuidfromchar or 2 duvegetargs functions...
CVE-2007-3336
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA formerly Computer Associates products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server...
Ingress数据库服务器多个堆溢出漏洞
Ingres是很多CA产品默认所使用的数据库后端。 CA产品所捆绑Ingres数据库服务器在处理请求数据时存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞控制服务器。 Ingres数据库服务器的通讯服务器(iigcc.exe)和数据访问服务器(iigcd.exe)组件没有正确验证用户所提供数据的长度便将数据拷贝到了固定大小的堆缓冲区。如果远程攻击者在10916(iigcc)或10923(iigcd)端口上建立的TCP会话的话,就可以向数据库服务器发送畸形请求触发漏洞,导致执行任意指令。 Computer Associates eTrust Secure Content Manager r8...
CVE-2007-3334
Multiple heap-based buffer overflows in the 1 Communications Server iigcc.exe and 2 Data Access Server iigcd.exe components for Ingres Database Server 3.0.3, as used in CA Computer Associates products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitra...
Heap overflow
Multiple heap-based buffer overflows in the 1 Communications Server iigcc.exe and 2 Data Access Server iigcd.exe components for Ingres Database Server 3.0.3, as used in CA Computer Associates products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitra...
CVE-2007-3334
Multiple heap-based buffer overflows in the 1 Communications Server iigcc.exe and 2 Data Access Server iigcd.exe components for Ingres Database Server 3.0.3, as used in CA Computer Associates products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitra...
CVE-2007-3334
CVE-2007-3334 affects Ingres Database (3.0.3) components used in CA products (eTrust Secure Content Manager on Windows). A remote, unauthenticated attacker can exploit heap-based buffer overflows in the Communications Server (iigcc.exe) and Data Access Server (iigcd.exe) by sending specially craf...