The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Ingres Database

computer vulnerability bulletin 10968

Ingres Database: buffer overflow via IIPROMPT

Synthesis of the vulnerability

When Ingres Database is installed on Windows, an attacker can generate an overflow, in order to execute code.
Impacted products: Ingres Database.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 05/09/2011.
Identifiers: 125598, 421194, BID-49435, VIGILANCE-VUL-10968.

Description of the vulnerability

The Windows iigcn.exe (GCN - General Communications Name Server) service is used to route queries to the associated server.

The IIPROMPT1, IIPROMPTONCE and IIPROMPTALL queries processes the access to the GCN service.

An attacker can use a malicious IIPROMPT* query, in order to create an overflow in iigcn.exe.

When Ingres Database is installed on Windows, an attacker can therefore generate an overflow, in order to execute code.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin 9393

Ingres: buffer overflow of iidbms

Synthesis of the vulnerability

An attacker can send a malicious query to the iidbms process of Ingres, in order to generate a denial of service or to execute code.
Impacted products: Ingres Database.
Severity: 2/4.
Consequences: privileged access/rights, denial of service on service.
Provenance: intranet client.
Creation date: 29/01/2010.
Identifiers: 123208, BID-38001, VIGILANCE-VUL-9393.

Description of the vulnerability

The iidbms (Ingres II DBMS) process is the data manager engine.

An unauthenticated attacker can send a message containing a long field to iidbms, which creates a buffer overflow.

An attacker can therefore send a malicious query to the iidbms process of Ingres, in order to generate a denial of service or to execute code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2008-3356 CVE-2008-3357 CVE-2008-3389

Ingres Database: multiple vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities had been announced in Ingres.
Impacted products: Ingres Database.
Severity: 2/4.
Consequences: administrator access/rights, data reading, data creation/edition.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 3.
Creation date: 04/08/2008.
Identifiers: BID-30512, CERTA-2008-AVI-390, CVE-2008-3356, CVE-2008-3357, CVE-2008-3389, VIGILANCE-VUL-7994.

Description of the vulnerability

Several vulnerabilities had been announced in Ingres.

An attacker can use "verifydb" command to create a "iivdb.log" malicious library. [severity:1/4; CERTA-2008-AVI-390, CVE-2008-3356]

An attacker can use "ingvalidpw" command to execute malicious library code with root privileges. [severity:1/4; CVE-2008-3357]

An attacker can generate a buffer overflow in the "libbecompat" library and thus executing code. [severity:2/4; CVE-2008-3389]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2007-6334

Ingres: incorrect authentication

Synthesis of the vulnerability

Under Windows, the second user who logs into Ingres is connected as the first user.
Impacted products: Ingres Database.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user account.
Number of vulnerabilities in this bulletin: 2.
Creation date: 20/12/2007.
Revision date: 27/12/2007.
Identifiers: 415703, BID-2695, CAID 35970, CERTA-2007-AVI-558, CVE-2007-6334, VIGILANCE-VUL-7437.

Description of the vulnerability

The Microsoft IIS web server supports IWA (Integrated Windows Authentication) authentication. Two vulnerabilities related to this authentication affect Ingres.

With Ingres r3 and Ingres 2006, when a user is connected, and if another user authenticates, an error occurs and his access is rejected. [severity:2/4]

With Ingres 2.6 and 2.5, when a user is connected, and if another user authenticates, he accesses to the account of the first user. [severity:2/4],
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2007-3334 CVE-2007-3336 CVE-2007-3337

Ingres: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities affects the Ingres database.
Impacted products: Ingres Database.
Severity: 3/4.
Consequences: user access/rights, data creation/edition, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 7.
Creation date: 22/06/2007.
Revision date: 26/06/2007.
Identifiers: 115911, 115913, 115927, 117523, BID-24585, CAID 35450, CAID 35451, CAID 35452, CERTA-2007-AVI-275, CVE-2007-3334, CVE-2007-3336, CVE-2007-3337, CVE-2007-3338, VIGILANCE-VUL-6933.

Description of the vulnerability

Several vulnerabilities affects the Ingres database.

An unauthenticated attacker can connect to the 21064/tcp port and corrupt memory via QUremove() function in order to execute code. [severity:3/4; 115927, CAID 35450, CERTA-2007-AVI-275, CVE-2007-3336]

An unauthenticated attacker can connect to the 21064/tcp port and corrupt memory via QUinsert() function in order to execute code. [severity:3/4; 115927, CAID 35450, CERTA-2007-AVI-275, CVE-2007-3336]

The wakeup program is suid ingres. It creates the "alarmwkp.def" file in the current directory and truncates it if it already exists. A local attacker can therefore use the wakeup program to alter a file with rights of ingres user. [severity:3/4; 115913, CAID 35451, CVE-2007-3337]

The uuid_from_char SQL function creates an UUID corresponding to a pattern indicated as parameter. An authenticated attacker can use a long parameter in order to generate a buffer overflow in uuid_from_char. [severity:3/4; 115911, CAID 35452, CVE-2007-3338]

The verifydb program is installed suid ingres. When its '-dbms_test' parameter is too long, an overflow occurs in the duve_get_args() function. [severity:3/4; 115911, CAID 35452, CVE-2007-3338]

Under Windows, an attacker can connect to the 10916/tcp port (iigcc.exe, Communications Server) in order to generate an overflow. [severity:3/4; 117523, CVE-2007-3334]

Under Windows, an attacker can connect to the 10923/tcp port (iigcd.exe, Data Access server) in order to generate an overflow. [severity:3/4; 117523, CVE-2007-3334]

These vulnerabilities permit a local or remote attacker to execute code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.