Required CVE Record Information
Description
verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.
References 11 Total
- http://www.ingres.com/support/security-alert-080108.php
- vupen.com: ADV-2008-2292 vdb-entry
- secunia.com: 31398 third-party-advisory
- securitytracker.com: 1020613 vdb-entry
- vupen.com: ADV-2008-2313 vdb-entry
- secunia.com: 31357 third-party-advisory
- exchange.xforce.ibmcloud.com: ingres-verifydb-symlink(44177) vdb-entry
- securityfocus.com: 20080806 CA Products That Embed Ingres Multiple Vulnerabilities mailing-list
- securityfocus.com: 30512 vdb-entry
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989
- labs.idefense.com: 20080801 Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability third-party-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 11 Total
- http://www.ingres.com/support/security-alert-080108.php x_transferred
- vupen.com: ADV-2008-2292 vdb-entryx_transferred
- secunia.com: 31398 third-party-advisoryx_transferred
- securitytracker.com: 1020613 vdb-entryx_transferred
- vupen.com: ADV-2008-2313 vdb-entryx_transferred
- secunia.com: 31357 third-party-advisoryx_transferred
- exchange.xforce.ibmcloud.com: ingres-verifydb-symlink(44177) vdb-entryx_transferred
- securityfocus.com: 20080806 CA Products That Embed Ingres Multiple Vulnerabilities mailing-listx_transferred
- securityfocus.com: 30512 vdb-entryx_transferred
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989 x_transferred
- labs.idefense.com: 20080801 Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability third-party-advisoryx_transferred