PT-2007-4614 · Actian · Ingres Database Server

Published: 2007-06-22 · Updated: 2018-10-16 · CVE-2007-3337

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Ingres database server versions 2006 9.0.4, r3, 2.6, and 2.5

Description

The issue allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file. This can be exploited by creating a symbolic link to a target file, which can then be truncated by the wakeup function in the Ingres database server.

Recommendations

For Ingres database server version 2006 9.0.4, consider restricting access to the alarmwkp.def file to prevent symlink attacks. For Ingres database server version r3, restrict access to the alarmwkp.def file to minimize the risk of exploitation. For Ingres database server version 2.6, avoid using the wakeup function until a fix is available. For Ingres database server version 2.5, restrict access to the alarmwkp.def file to prevent exploitation.
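
The symlink truncation described above comes down to opening a predictable path with truncation while following links. As an added illustration (not Ingres code and not part of this advisory; the function names and the temporary-directory scenario are constructed), the C below contrasts that pattern with an open that refuses symlinks and truncates only a verified inode.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern (hypothetical name, not Ingres source): O_TRUNC follows a
 * symlink at `path` and empties whatever file the link points to. */
int open_def_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened (hypothetical name): refuse a symlink in the final component,
 * verify the opened inode, then truncate through the descriptor. */
int open_def_safe(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return -1;               /* ELOOP when path is a symlink */
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_nlink == 1 &&
        st.st_uid == geteuid() && ftruncate(fd, 0) == 0)
        return fd;
    close(fd);                           /* device, hard link or foreign owner */
    return -1;
}

/* Constructed scenario: <tmpdir>/alarmwkp.def is a symlink to a 6-byte file.
 * Returns that file's size after the chosen opener ran, or -1 on error. */
long victim_size_after(int use_safe)
{
    char dir[] = "/tmp/symdemoXXXXXX", victim[64], lnk[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/alarmwkp.def", dir);
    int fd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "secret", 6) != 6 || close(fd) || symlink(victim, lnk)) return -1;
    fd = use_safe ? open_def_safe(lnk) : open_def_unsafe(lnk);
    if (fd >= 0) close(fd);
    if (stat(victim, &st) != 0) return -1;
    unlink(lnk); unlink(victim); rmdir(dir);
    return (long)st.st_size;
}

int main(void)
{
    return printf("unsafe: %ld bytes, safe: %ld bytes\n", victim_size_after(0), victim_size_after(1)) < 0;
}
```

O_NOFOLLOW only guards the final path component, so the directory holding the file still needs to be writable only by the service account.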

Fix


Related identifiers

CVE-2007-3337

Affected products

Ingres Database Server