[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80170

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2007-3338

Date: (C)2007-06-22   (M)2017-08-01 


Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.

CVSS Score: 10.0Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
http://www.securityfocus.com/archive/1/archive/1/472197/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/472194/100/0/threaded
BID-24585
SECUNIA-25756
SECUNIA-25775
OSVDB-37483
ADV-2007-2288
ADV-2007-2290
http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/
http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/
ingres-duvegetargs-bo(34998)
ingres-uuidfromchar-bo(34995)

CWE    1
CWE-119

© 2013 SecPod Technologies