6 matches found
Code injection
verifydb in Ingres 2.6, Ingres 2006 release 1 aka 9.0.4, and Ingres 2006 release 2 aka 9.1.0 on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files ...
CVE-2008-3389
Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 aka 9.0.4, and Ingres 2006 release 2 aka 9.1.0 on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csrepor...
CVE-2008-3356
CVE-2008-3356 affects Ingres products (notably verifydb in Ingres 2.6 and Ingres 2006 Release 1/2) on Linux/Unix. The issue arises when verifydb sets ownership/permissions of iivdb.log without confirming it is the application log, allowing a local attacker to overwrite arbitrary files by creating...
CVE-2008-3356
verifydb in Ingres 2.6, Ingres 2006 release 1 aka 9.0.4, and Ingres 2006 release 2 aka 9.1.0 on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files ...
iDefense Security Advisory 08.01.08: Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability
iDefense Security Advisory 08.01.08 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 01, 2008 I. BACKGROUND Ingres Database is a database server used in several Computer Associates' products. For example, CA Directory Service uses the Ingres Database server. More information can be foun...
Ingres verifydb local stack overflow
======= Summary ======= Name: verifydb local stack overflow Release Date: 25 June 2007 Reference: NGS00389 Discover: Chris Anley [email protected] Vendor: Ingres Vendor Reference: Ingres bug 115911, CVE-2007-3338, CAID 35452 Systems Affected: Ingres 2006 9.0.4 and prior Risk: Medium Status:...