Vulnerability Name:

CVE-2007-3334 (CCN-34991)

Assigned:2007-06-21
Published:2007-06-21
Updated:2017-07-29
Summary:Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-3334

Source: IDEFENSE
Type: Patch
20070621 Ingres Database Multiple Heap Corruption Vulnerabilities

Source: OSVDB
Type: UNKNOWN
37487

Source: OSVDB
Type: UNKNOWN
37488

Source: CCN
Type: SA25756
Ingres Database Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
25756

Source: CCN
Type: SA25775
CA Products Ingres Database Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
25775

Source: CCN
Type: SECTRACK ID: 1018278
Ingres Database Heap Overflows Let Remote Users Execute Arbitrary Code

Source: CCN
Type: CA SupportConnect Web site
Ingres Security Alert

Source: CONFIRM
Type: UNKNOWN
http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp

Source: CONFIRM
Type: UNKNOWN
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778

Source: CCN
Type: Ingres Corporation Web site
Ingres Database Server

Source: CCN
Type: OSVDB ID: 37487
Ingres Database Communications Server (iigcc.exe) Unspecified Remote Code Execution

Source: CCN
Type: OSVDB ID: 37488
Ingres Database Data Access Server (iigcd.exe) Unspecified Remote Code Execution

Source: BID
Type: UNKNOWN
24585

Source: CCN
Type: BID-24585
Ingress Database Server Multiple Remote Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1018278

Source: VUPEN
Type: UNKNOWN
ADV-2007-2288

Source: VUPEN
Type: UNKNOWN
ADV-2007-2290

Source: XF
Type: UNKNOWN
ingres-communications-server-bo(34991)

Source: XF
Type: UNKNOWN
ingres-data-access-server-bo(34992)

Source: XF
Type: UNKNOWN
ingres-wakeup-privilege-escalation(35002)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 06.21.07
Ingres Database Multiple Heap Corruption Vulnerabilities

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:all_windows:*:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ingres:database_server:3.0.3:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    microsoft all windows *
    ca etrust secure content manager 8.0
    ingres database server 3.0.3