CVE-2007-6334
First published: Thu Dec 20 2007(Updated: )
Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows NT | ||
| Actian Ingres | =2.5 | |
| Actian Ingres | =2.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp
- http://www.ingres.com/support/security-alertDec17.php
- http://www.securityfocus.com/bid/26959
- http://secunia.com/advisories/28183
- http://secunia.com/advisories/28187
- http://www.securitytracker.com/id?1019134
- http://www.osvdb.org/39358
- http://www.vupen.com/english/advisories/2007/4303
- http://www.vupen.com/english/advisories/2007/4304
- http://www.securityfocus.com/archive/1/485448/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-6334?
The severity of CVE-2007-6334 is considered critical due to the potential for privilege escalation by attackers.
How do I fix CVE-2007-6334?
To fix CVE-2007-6334, update to a later version of Actian Ingres that addresses this privilege assignment vulnerability.
What systems are affected by CVE-2007-6334?
CVE-2007-6334 affects Ingres versions 2.5 and 2.6 running on Windows.
What is the nature of the vulnerability in CVE-2007-6334?
CVE-2007-6334 allows remote attackers to gain unauthorized privileges by exploiting the user privilege assignment flaw.
Who is impacted by CVE-2007-6334?
Organizations using Ingres 2.5 and 2.6 on Windows in their systems are impacted by CVE-2007-6334.
- collector/nvd-historical
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft windows nt
- vendor/ingres
- canonical/actian ingres
- version/actian ingres/2.5
- version/actian ingres/2.6