CVE-2007-3334 - OpenCVE

Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ca	Etrust Secure Content Manager
Ingres	Database Server
Microsoft	All Windows

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:ca:etrust_secure_content_manager:8.0:::::::*
	cpe:2.3:a:ingres:database_server:3.0.3:::::::*

No data.

References

Link	Providers
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546
http://osvdb.org/37487
http://osvdb.org/37488
http://secunia.com/advisories/25756
http://secunia.com/advisories/25775
http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
http://www.securityfocus.com/bid/24585
http://www.securitytracker.com/id?1018278
http://www.vupen.com/english/advisories/2007/2288
http://www.vupen.com/english/advisories/2007/2290
https://exchange.xforce.ibmcloud.com/vulnerabilities/34991
https://exchange.xforce.ibmcloud.com/vulnerabilities/34992
https://exchange.xforce.ibmcloud.com/vulnerabilities/35002

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-21T22:00:00

Updated: 2024-08-07T14:14:12.912Z

Reserved: 2007-06-21T00:00:00

Link: CVE-2007-3334

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-06-21T22:30:00.000

Modified: 2017-07-29T01:32:10.940

Link: CVE-2007-3334

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-21T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2007-2288", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2288"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"}, {"name": "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"}, {"name": "ingres-wakeup-privilege-escalation(35002)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"}, {"name": "25756", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25756"}, {"name": "25775", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25775"}, {"name": "37488", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37488"}, {"name": "ADV-2007-2290", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2290"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"}, {"name": "ingres-communications-server-bo(34991)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"}, {"name": "37487", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37487"}, {"name": "1018278", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018278"}, {"name": "ingres-data-access-server-bo(34992)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"}, {"name": "24585", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24585"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3334", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2007-2288", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2288"}, {"name": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778", "refsource": "CONFIRM", "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"}, {"name": "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"}, {"name": "ingres-wakeup-privilege-escalation(35002)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"}, {"name": "25756", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25756"}, {"name": "25775", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25775"}, {"name": "37488", "refsource": "OSVDB", "url": "http://osvdb.org/37488"}, {"name": "ADV-2007-2290", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2290"}, {"name": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp", "refsource": "CONFIRM", "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"}, {"name": "ingres-communications-server-bo(34991)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"}, {"name": "37487", "refsource": "OSVDB", "url": "http://osvdb.org/37487"}, {"name": "1018278", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018278"}, {"name": "ingres-data-access-server-bo(34992)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"}, {"name": "24585", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24585"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:14:12.912Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2007-2288", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2288"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"}, {"name": "20070621 Ingres Database Multiple Heap Corruption Vulnerabilities", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"}, {"name": "ingres-wakeup-privilege-escalation(35002)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"}, {"name": "25756", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25756"}, {"name": "25775", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25775"}, {"name": "37488", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37488"}, {"name": "ADV-2007-2290", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2290"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"}, {"name": "ingres-communications-server-bo(34991)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"}, {"name": "37487", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37487"}, {"name": "1018278", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018278"}, {"name": "ingres-data-access-server-bo(34992)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"}, {"name": "24585", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24585"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3334", "datePublished": "2007-06-21T22:00:00", "dateReserved": "2007-06-21T00:00:00", "dateUpdated": "2024-08-07T14:14:12.912Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "3AB4B29F-4C60-48A0-8F58-BCBDC58B697E", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:ca:etrust_secure_content_manager:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "5DB54A16-5E56-46FC-A49C-56C98C0B8F1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ingres:database_server:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B836C674-BF4F-4D60-AA33-D778B712D3A3", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados en mont\u00edculo en los componentes (1) Communications Server (iigcc.exe) y (2) Data Access Server (iigcd.exe) para el Ingres Database Server 3.0.3, como el utilizado en los productos del CA (Computer Associates) incluyendo el eTrust Secure Content Manager r8 bajo Windows, permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."}], "id": "CVE-2007-3334", "lastModified": "2017-07-29T01:32:10.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-21T22:30:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37487"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37488"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25756"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25775"}, {"source": "cve@mitre.org", "url": "http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp"}, {"source": "cve@mitre.org", "url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24585"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018278"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2288"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2290"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34991"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34992"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35002"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}