CVE-2008-3356
Description
verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the applications own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.
Risk Information
Base Score
9.0
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.045
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update to Computer Associates patch-3.0.3.103.12836-int-lnx | Windows |
| Update to Computer Associates patch-3.0.3.211.12830-hp2-us5 | Windows |
| Update to Computer Associates patch-3.0.3.211.12831-i64-hpu | Windows |
| Update to Computer Associates patch-3.0.3.211.12832-a64-sol | Windows |
| Update to Computer Associates patch-3.0.3.211.12833-r64-us5 | Windows |
| Update to Computer Associates patch-3.0.3.211.12834-su9-us5 | Windows |
| Update to Computer Associates patch-3.0.3.211.12835-a64-lnx | Windows |
| Update to Computer Associates patch-3.0.3.211.12838-i64-lnx | Windows |
| Update to Computer Associates install-3.0.3.211.12830-hp2-us5 | Windows |
| Update to Computer Associates install-3.0.3.211.12831-i64-hpu | Windows |
| Update to Computer Associates install-3.0.3.211.12832-a64-sol | Windows |
| Update to Computer Associates install-3.0.3.211.12833-r64-us5 install-3.0.3.211.12833-r64-us5 | Windows |
| Update to Computer Associates install-3.0.3.211.12834-su9-us5 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234