The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Ingres: several vulnerabilities

Synthesis of the vulnerability 

Several vulnerabilities affects the Ingres database.
Impacted products: Ingres Database.
Severity of this bulletin: 3/4.
Number of vulnerabilities in this bulletin: 7.
Creation date: 22/06/2007.
Revision date: 26/06/2007.
Références of this threat: 115911, 115913, 115927, 117523, BID-24585, CAID 35450, CAID 35451, CAID 35452, CERTA-2007-AVI-275, CVE-2007-3334, CVE-2007-3336, CVE-2007-3337, CVE-2007-3338, VIGILANCE-VUL-6933.

Description of the vulnerability 

Several vulnerabilities affects the Ingres database.

An unauthenticated attacker can connect to the 21064/tcp port and corrupt memory via QUremove() function in order to execute code. [severity:3/4; 115927, CAID 35450, CERTA-2007-AVI-275, CVE-2007-3336]

An unauthenticated attacker can connect to the 21064/tcp port and corrupt memory via QUinsert() function in order to execute code. [severity:3/4; 115927, CAID 35450, CERTA-2007-AVI-275, CVE-2007-3336]

The wakeup program is suid ingres. It creates the "alarmwkp.def" file in the current directory and truncates it if it already exists. A local attacker can therefore use the wakeup program to alter a file with rights of ingres user. [severity:3/4; 115913, CAID 35451, CVE-2007-3337]

The uuid_from_char SQL function creates an UUID corresponding to a pattern indicated as parameter. An authenticated attacker can use a long parameter in order to generate a buffer overflow in uuid_from_char. [severity:3/4; 115911, CAID 35452, CVE-2007-3338]

The verifydb program is installed suid ingres. When its '-dbms_test' parameter is too long, an overflow occurs in the duve_get_args() function. [severity:3/4; 115911, CAID 35452, CVE-2007-3338]

Under Windows, an attacker can connect to the 10916/tcp port (iigcc.exe, Communications Server) in order to generate an overflow. [severity:3/4; 117523, CVE-2007-3334]

Under Windows, an attacker can connect to the 10923/tcp port (iigcd.exe, Data Access server) in order to generate an overflow. [severity:3/4; 117523, CVE-2007-3334]

These vulnerabilities permit a local or remote attacker to execute code.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer threat note impacts software or systems such as Ingres Database.

Our Vigil@nce team determined that the severity of this weakness alert is important.

The trust level is of type confirmed by the editor, with an origin of intranet client.

This bulletin is about 7 vulnerabilities.

An attacker with a expert ability can exploit this computer weakness note.

Solutions for this threat 

Ingres: version 2.6 SP5.
Version Ingres 2.6 SP5 is corrected.

Ingres: patch.
Patch 1198x are available:
  http://supportconnect.ca.com/
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides application vulnerability bulletins. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.