CVE-2007-3336 | Vulnerability Database | Aqua Security

Multiple pointer overwrite vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.

Affected Software

Name	Vendor	Start Version	End Version
Database_server	Ingres	2.5 (including)	2.5 (including)
Database_server	Ingres	2.6 (including)	2.6 (including)
Database_server	Ingres	9.0.4 (including)	9.0.4 (including)
Database_server	Ingres	r3 (including)	r3 (including)

References

http://archives.neohapsis.com/archives/bugtraq/2007-06/0302.html
http://osvdb.org/37486
http://secunia.com/advisories/25756
http://secunia.com/advisories/25775
http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-1/
http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/
http://www.securityfocus.com/archive/1/472193/100/0/threaded
http://www.securityfocus.com/bid/24585
http://www.vupen.com/english/advisories/2007/2288
http://www.vupen.com/english/advisories/2007/2290
https://exchange.xforce.ibmcloud.com/vulnerabilities/34993
https://exchange.xforce.ibmcloud.com/vulnerabilities/35000

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-3336
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html