CVE-2008-3356
N/A
N/A
Summary
verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.ingres.com/support/security-alert-080108.php
- http://www.vupen.com/english/advisories/2008/2292
- http://secunia.com/advisories/31398
- http://securitytracker.com/id?1020613
- http://www.vupen.com/english/advisories/2008/2313
- http://secunia.com/advisories/31357
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44177
- http://www.securityfocus.com/archive/1/495177/100/0/threaded
- http://www.securityfocus.com/bid/30512
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731
References
- http://www.ingres.com/support/security-alert-080108.php
- http://www.vupen.com/english/advisories/2008/2292
- http://secunia.com/advisories/31398
- http://securitytracker.com/id?1020613
- http://www.vupen.com/english/advisories/2008/2313
- http://secunia.com/advisories/31357
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44177
- http://www.securityfocus.com/archive/1/495177/100/0/threaded
- http://www.securityfocus.com/bid/30512
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.