CVE-2007-3334 - OpenCVE

Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Ingres	Database Server
Microsoft	All Windows
Ca	Etrust Secure Content Manager

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:ca:etrust_secure_content_manager:8.0:::::::*
	cpe:2.3:a:ingres:database_server:3.0.3:::::::*

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546	Patch
http://osvdb.org/37487
http://osvdb.org/37488
http://secunia.com/advisories/25756
http://secunia.com/advisories/25775
http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
http://www.securityfocus.com/bid/24585
http://www.securitytracker.com/id?1018278
http://www.vupen.com/english/advisories/2007/2288
http://www.vupen.com/english/advisories/2007/2290
https://exchange.xforce.ibmcloud.com/vulnerabilities/34991
https://exchange.xforce.ibmcloud.com/vulnerabilities/34992
https://exchange.xforce.ibmcloud.com/vulnerabilities/35002

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-21T22:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-06-21T00:00:00

Link: CVE-2007-3334

JSON object: View

NVD Information

Status : Modified

Published: 2007-06-21T22:30:00.000

Modified: 2017-07-29T01:32:10.940

Link: CVE-2007-3334

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-21T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2007-2288", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2288"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"}, {"name": "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"}, {"name": "ingres-wakeup-privilege-escalation(35002)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"}, {"name": "25756", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25756"}, {"name": "25775", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25775"}, {"name": "37488", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37488"}, {"name": "ADV-2007-2290", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2290"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"}, {"name": "ingres-communications-server-bo(34991)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"}, {"name": "37487", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37487"}, {"name": "1018278", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018278"}, {"name": "ingres-data-access-server-bo(34992)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"}, {"name": "24585", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24585"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3334", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2007-2288", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2288"}, {"name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778", "refsource": "CONFIRM", "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"}, {"name": "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"}, {"name": "ingres-wakeup-privilege-escalation(35002)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"}, {"name": "25756", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25756"}, {"name": "25775", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25775"}, {"name": "37488", "refsource": "OSVDB", "url": "http://osvdb.org/37488"}, {"name": "ADV-2007-2290", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2290"}, {"name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp", "refsource": "CONFIRM", "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"}, {"name": "ingres-communications-server-bo(34991)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"}, {"name": "37487", "refsource": "OSVDB", "url": "http://osvdb.org/37487"}, {"name": "1018278", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018278"}, {"name": "ingres-data-access-server-bo(34992)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"}, {"name": "24585", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24585"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3334", "datePublished": "2007-06-21T22:00:00", "dateReserved": "2007-06-21T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4B29F-4C60-48A0-8F58-BCBDC58B697E", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "5DB54A16-5E56-46FC-A49C-56C98C0B8F1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ingres:database_server:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B836C674-BF4F-4D60-AA33-D778B712D3A3", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados en mont\u00edculo en los componentes (1) Communications Server (iigcc.exe) y (2) Data Access Server (iigcd.exe) para el Ingres Database Server 3.0.3, como el utilizado en los productos del CA (Computer Associates) incluyendo el eTrust Secure Content Manager r8 bajo Windows, permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."}], "id": "CVE-2007-3334", "lastModified": "2017-07-29T01:32:10.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-21T22:30:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37487"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37488"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25756"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25775"}, {"source": "cve@mitre.org", "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"}, {"source": "cve@mitre.org", "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24585"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018278"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2288"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2290"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}