PT-2007-4613 · Actian · Ingres Database Server
Published: 2007-06-22 · Updated: 2018-10-16 · CVE-2007-3336
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Ingres database server versions 2.5 through 2006 9.0.4
Description
The issue allows remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.
Recommendations
For Ingres database server versions 2.5 through 2006 9.0.4, consider restricting access to the iigcc process until a patch is available.
As a temporary workaround, consider disabling the QUinsert and QUremove functions until a fix is provided.
Avoid sending certain TCP data to the Ingres Communications Server Process to minimize the risk of exploitation.
Affected Products
Ingres Database Server