Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability bulletin 9393

Ingres: buffer overflow of iidbms

Synthesis of the vulnerability

An attacker can send a malicious query to the iidbms process of Ingres, in order to generate a denial of service or to execute code.
Severity: 2/4.
Creation date: 29/01/2010.

Description of the vulnerability

The iidbms (Ingres II DBMS) process is the data manager engine.

An unauthenticated attacker can send a message containing a long field to iidbms, which creates a buffer overflow.

An attacker can therefore send a malicious query to the iidbms process of Ingres, in order to generate a denial of service or to execute code.

Complete Vigil@nce bulletin

Access to the complete Vigil@nce bulletin

Characteristics

Title: Ingres: buffer overflow of iidbms.
Keywords: DBMS Ingres buffer iidbms overflow.
Identifiers: 123208, BID-38001, VIGILANCE-VUL-9393.

Information sources

Publications and announces
Source example: Ingres 9.3 heap overflow

Solutions for this vulnerability

Patch or workaround

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Technology watch team on vulnerabilities



















France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française