verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2008-08-05T19:20:00
Updated: 2018-10-11T19:57:01
Reserved: 2008-07-28T00:00:00
Link: CVE-2008-3356
JSON object: View
NVD Information
Status : Modified
Published: 2008-08-05T19:41:00.000
Modified: 2018-10-11T20:48:02.660
Link: CVE-2008-3356
JSON object: View
Redhat Information
No data.
CWE