CVE-2007-3338: Buffer Overflow
First published: Fri Jun 22 2007(Updated: )
Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Actian Ingres | =2.5 | |
| Actian Ingres | =2.6 | |
| Actian Ingres | =9.0.4 | |
| Actian Ingres | =r3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp
- http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/
- http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/
- http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
- http://www.securityfocus.com/bid/24585
- http://secunia.com/advisories/25775
- http://secunia.com/advisories/25756
- http://www.vupen.com/english/advisories/2007/2288
- http://www.vupen.com/english/advisories/2007/2290
- http://osvdb.org/37483
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34998
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34995
- http://www.securityfocus.com/archive/1/472197/100/0/threaded
- http://www.securityfocus.com/archive/1/472194/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-3338?
CVE-2007-3338 is considered a high-severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2007-3338?
To mitigate CVE-2007-3338, it is essential to upgrade to the latest version of the Ingres database server that contains security patches.
What versions of Ingres are affected by CVE-2007-3338?
CVE-2007-3338 affects Ingres database server versions 2.5, 2.6, r3, and 9.0.4.
Can CVE-2007-3338 be exploited remotely?
Yes, CVE-2007-3338 allows remote attackers to exploit the vulnerability without needing local access.
What functions are associated with CVE-2007-3338?
CVE-2007-3338 is specifically related to buffer overflows in the uuid_from_char and duve_get_args functions.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ingres
- canonical/actian ingres
- version/actian ingres/2.5
- version/actian ingres/2.6
- version/actian ingres/9.0.4
- version/actian ingres/r3