3 matches found
CA Products That Embed Ingres Multiple Vulnerabilities
Title: CA Products That Embed Ingres Multiple Vulnerabilities CA Advisory Date: 2008-08-01 Reported By: iDefense Labs Impact: A remote attacker can execute arbitrary code, gain privileges, or cause a denial of service condition. Summary: CA products that embed Ingres contain multiple...
CVE-2008-3356
verifydb in Ingres 2.6, Ingres 2006 release 1 aka 9.0.4, and Ingres 2006 release 2 aka 9.1.0 on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files ...
CVE-2008-3356
CVE-2008-3356 affects Ingres products (notably verifydb in Ingres 2.6 and Ingres 2006 Release 1/2) on Linux/Unix. The issue arises when verifydb sets ownership/permissions of iivdb.log without confirming it is the application log, allowing a local attacker to overwrite arbitrary files by creating...