CVE-2008-3357

Name of the Vulnerable Software and Affected Versions Ingres versions 2.6, 9.0.4, and 9.1.0

Description The issue is related to an untrusted search path vulnerability in the ingvalidpw utility of the Ingres database management system. This vulnerability allows local users to gain privileges via a crafted shared library. The vulnerability is also described as a "pointer overwrite vulnerability" and can be exploited by loading shared libraries from a user-owned directory, potentially allowing an attacker to elevate their privileges and execute arbitrary code with root privileges using a specially crafted library.

Recommendations For Ingres version 2.6, update to a fixed version to resolve the issue. For Ingres version 9.0.4, update to a fixed version to resolve the issue. For Ingres version 9.1.0, update to a fixed version to resolve the issue. As a temporary workaround, consider restricting access to the ingvalidpw utility until a patch is available.