CVE-2008-3389

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 05-08-2008 09:41

Last modified: - 23-01-2023 07:44

Total changes: - 8

Description

Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:L/Au:N/C:P/I:P/A:P

Low

Attack complexity

Local

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

4.6

Base score

3.9

6.4

Exploitability score

Impact score

Verification logic

Reference

20080801 Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability-Broken Link
http://www.ingres.com/support/security-alert-080108.php
30512-Third Party Advisory, VDB Entry
1020615-Third Party Advisory, VDB Entry
31357-Third Party Advisory
31398-Third Party Advisory
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989
ADV-2008-2313-Third Party Advisory
ADV-2008-2292-Third Party Advisory
ingres-libbecompat-bo(44179)-Third Party Advisory, VDB Entry
20080806 CA Products That Embed Ingres Multiple Vulnerabilities-

Keywords

CVE-2008-3389

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2008-3389

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures