PT-2007-4615 · Actian · Ingres Database Server

Published: 2007-06-22 · Updated: 2018-10-16 · CVE-2007-3338

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Ingres database server versions 2.5 through 2006 9.0.4, r3, 2.6

Description

The issue concerns multiple stack-based buffer overflows that allow remote attackers to execute arbitrary code. The overflows are reached through the uuid_from_char or duve_get_args functions.

Recommendations

For Ingres database server versions 2.5 through 2006 9.0.4, r3, 2.6, consider disabling the uuid_from_char and duve_get_args functions as a temporary workaround until a patch is available. Restrict access to these functions to minimize the risk of exploitation.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2007-3338

Affected Products

Ingres Database Server