← back
CVE-2007-3336

CVE-2007-3336

EPSS 9.0%
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/14646unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.htmlhttp://osvdb.org/37486http://secunia.com/advisories/25756http://secunia.com/advisories/25775https://exchange.xforce.ibmcloud.com/vulnerabilities/34993https://exchange.xforce.ibmcloud.com/vulnerabilities/35000http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asphttp://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/http://www.securityfocus.com/archive/1/472193/100/0/threadedhttp://www.securityfocus.com/bid/24585