Vigil@nce - Ingres: buffer overflow of iidbms


we track for your security since 1999

resources

Vigil@nce describes vulnerabilities impacting your systems, and offers solutions to correct them.

recent vulnerabilities

tracked products

RSS feed

vulnerability

vulnerability bulletin 9393 Ingres: buffer overflow of iidbms
Synthesis of the vulnerability

An attacker can send a malicious query to the iidbms process of Ingres, in order to generate a denial of service or to execute code.

Severity: 2/4.
Consequences: privileged access/rights, denial of service of service.
Provenance: intranet client.
Means of attack: no proof of concept, no attack.
Ability of attacker: expert (4/4).
Confidence: confirmed by the editor (5/5).
Diffusion of the vulnerable configuration: high (3/3).
Creation date: 29/01/2010.

Impacted products

CA Ingres

Description of the vulnerability

The iidbms (Ingres II DBMS) process is the data manager engine.

An unauthenticated attacker can send a message containing a long field to iidbms, which creates a buffer overflow.

An attacker can therefore send a malicious query to the iidbms process of Ingres, in order to generate a denial of service or to execute code.

Characteristics

Title: Ingres: buffer overflow of iidbms
Identifiers: 123208, BID-38001, VIGILANCE-VUL-9393.
Url: https://vigilance.fr/tree/1/9393

Information sources

Publications and announces
Source example: Ingres 9.3 heap overflow

Solutions for this vulnerability

Patch or workaround