CVE-2007-3338

Published: Jun 22, 2007Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.

Affected (4)

Products: Ingres: Database Server

1 product

Database Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ingres Database Server	Version 2.5
Ingres Database Server	Version 2.6
Ingres Database Server	Version 9.0.4
Ingres Database Server	Version r3

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (28)

http://osvdb.org/37483

Source: cve@mitre.org

http://secunia.com/advisories/25756

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/25775

Source: cve@mitre.org

Vendor Advisory

http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp

Source: cve@mitre.org

Patch

http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778

Source: cve@mitre.org

http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/

Source: cve@mitre.org

http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/472194/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/472197/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/24585

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/2288

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2007/2290

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/34995

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/34998

Source: cve@mitre.org

http://osvdb.org/37483

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25756

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/25775

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/472194/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/472197/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/24585

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/2288

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2007/2290

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/34995

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/34998

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.