CVE-2008-3356 - OpenCVE

verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ingres	Ingres

Configuration 1 [-]

OR	cpe:2.3:a:ingres:ingres:2.6:::::::*
	cpe:2.3:a:ingres:ingres:2006:9.0.1::::::
	cpe:2.3:a:ingres:ingres:2006:9.0.4::::::
	cpe:2.3:a:ingres:ingres:2006:release_1::::::
	cpe:2.3:a:ingres:ingres:2006:release_2::::::

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731
http://secunia.com/advisories/31357	Vendor Advisory
http://secunia.com/advisories/31398
http://securitytracker.com/id?1020613
http://www.ingres.com/support/security-alert-080108.php
http://www.securityfocus.com/archive/1/495177/100/0/threaded
http://www.securityfocus.com/bid/30512
http://www.vupen.com/english/advisories/2008/2292
http://www.vupen.com/english/advisories/2008/2313
https://exchange.xforce.ibmcloud.com/vulnerabilities/44177
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-08-05T19:20:00

Updated: 2018-10-11T19:57:01

Reserved: 2008-07-28T00:00:00

Link: CVE-2008-3356

JSON object: View

NVD Information

Status : Modified

Published: 2008-08-05T19:41:00.000

Modified: 2018-10-11T20:48:02.660

Link: CVE-2008-3356

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-08-01T00:00:00", "descriptions": [{"lang": "en", "value": "verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.ingres.com/support/security-alert-080108.php"}, {"name": "ADV-2008-2292", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2292"}, {"name": "31398", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31398"}, {"name": "1020613", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1020613"}, {"name": "ADV-2008-2313", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2313"}, {"name": "31357", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31357"}, {"name": "ingres-verifydb-symlink(44177)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44177"}, {"name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"}, {"name": "30512", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30512"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"}, {"name": "20080801 Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3356", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.ingres.com/support/security-alert-080108.php", "refsource": "CONFIRM", "url": "http://www.ingres.com/support/security-alert-080108.php"}, {"name": "ADV-2008-2292", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2292"}, {"name": "31398", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31398"}, {"name": "1020613", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1020613"}, {"name": "ADV-2008-2313", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2313"}, {"name": "31357", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31357"}, {"name": "ingres-verifydb-symlink(44177)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44177"}, {"name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"}, {"name": "30512", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30512"}, {"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989", "refsource": "CONFIRM", "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"}, {"name": "20080801 Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3356", "datePublished": "2008-08-05T19:20:00", "dateReserved": "2008-07-28T00:00:00", "dateUpdated": "2018-10-11T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCE11A92-56B9-43A2-9E3D-D511AE713F45", "vulnerable": true}, {"criteria": "cpe:2.3:a:ingres:ingres:2006:9.0.1:*:*:*:*:*:*", "matchCriteriaId": "8CEFDCDD-7D4B-442C-8CD4-D22CA5F4DD35", "vulnerable": true}, {"criteria": "cpe:2.3:a:ingres:ingres:2006:9.0.4:*:*:*:*:*:*", "matchCriteriaId": "D988634E-4C81-457B-AA97-9C55575E9DB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ingres:ingres:2006:release_1:*:*:*:*:*:*", "matchCriteriaId": "A99FF96C-A88B-4AE2-BA8B-C16D2F88C606", "vulnerable": true}, {"criteria": "cpe:2.3:a:ingres:ingres:2006:release_2:*:*:*:*:*:*", "matchCriteriaId": "02D8FAC9-5887-4B0D-BB95-0704D763B6A8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename."}, {"lang": "es", "value": "verifydb en Ingres 2.6, Ingres 2006 versi\u00f3n 1 (alias 9.0.4), y Ingres 2006 versi\u00f3n 2 (alias 9.1.0) en Linux y otras plataformas Unix que establece la propiedad o permisos del archivo iivdb.log, sin verificar que es el archivo log propio de la aplicaci\u00f3n, lo que permite a los usuarios sobrescribir arbitrariamente archivos creando un enlace simb\u00f3lico con un nombre de archivo iivdb.log."}], "evaluatorComment": "This vulnerability affects all platforms except VMS and Windows", "evaluatorImpact": "\"Exploitation of this vulnerability allows an attacker to overwrite arbitrary files owned by the \"ingres\" user. By itself, this vulnerability does not have very serious consequences. However, when combined with the library loading vulnerability, it allows an attacker to execute arbitrary code with root privileges. \" (iDefense)\r\n\r\n", "evaluatorSolution": "Fixes are available for the current release of Ingres 2006 release 2 (9.1.0), for Ingres 2006 release 1 (9.0.4), and for Ingres 2.6 versions on their respective platforms. The security fixes are available and can be quickly applied with little to no anticipated impact to systems. \r\n\r\nIngres customers with a current support contract can review the following knowledge base document for information on downloading the available fixes:\r\nhttp://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:416012+HTMPL=kt_document_view.htmpl\r\n\r\n(ingres.com)", "id": "CVE-2008-3356", "lastModified": "2018-10-11T20:48:02.660", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-08-05T19:41:00.000", "references": [{"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31357"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31398"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1020613"}, {"source": "cve@mitre.org", "url": "http://www.ingres.com/support/security-alert-080108.php"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30512"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2292"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2313"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44177"}, {"source": "cve@mitre.org", "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}