The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

threat alert for Ingres: incorrect authentication - CVE-2007-6334

Synthesis of the vulnerability

Under Windows, the second user who logs into Ingres is connected as the first user.
Severity of this bulletin: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 20/12/2007.
Revision date: 27/12/2007.
Références of this threat: 415703, BID-2695, CAID 35970, CERTA-2007-AVI-558, CVE-2007-6334, VIGILANCE-VUL-7437.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Microsoft IIS web server supports IWA (Integrated Windows Authentication) authentication. Two vulnerabilities related to this authentication affect Ingres.

With Ingres r3 and Ingres 2006, when a user is connected, and if another user authenticates, an error occurs and his access is rejected. [severity:2/4]

With Ingres 2.6 and 2.5, when a user is connected, and if another user authenticates, he accesses to the account of the first user. [severity:2/4],
Full Vigil@nce bulletin... (Free trial)

This computer vulnerability bulletin impacts software or systems such as Ingres Database.

Our Vigil@nce team determined that the severity of this vulnerability bulletin is medium.

The trust level is of type confirmed by a trusted third party, with an origin of user account.

This bulletin is about 2 vulnerabilities.

An attacker with a expert ability can exploit this threat note.

Solutions for this threat

Ingres: patch.
A patch is available:
  http://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:415703+HTMPL=kt_document_view.htmpl
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides system vulnerability announces. The Vigil@nce vulnerability database contains several thousand vulnerabilities.