CVE-2008-3389
Published Aug 5, 2008
Last updated 6 years ago
Overview
- Description
- Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.6
- Impact score
- 6.4
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-119
Evaluator
- Comment
- -
- Impact
- "Exploitation of this vulnerability allows an attacker to execute arbitrary code with the privileges of the "ingres" user. By itself, this vulnerability does not have very serious consequences. However, when combined with the library loading vulnerability, it allows an attacker to execute arbitrary code with root privileges. " (iDefense)
- Solution
- "Exploitation of this vulnerability allows an attacker to execute arbitrary code with the privileges of the "ingres" user. By itself, this vulnerability does not have very serious consequences. However, when combined with the library loading vulnerability, it allows an attacker to execute arbitrary code with root privileges. " (iDefense)
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DCE11A92-56B9-43A2-9E3D-D511AE713F45"
},
{
"criteria": "cpe:2.3:a:ingres:ingres:2006:9.0.4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D988634E-4C81-457B-AA97-9C55575E9DB6"
},
{
"criteria": "cpe:2.3:a:ingres:ingres:2006:9.1.0:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "708FD550-E400-4973-979B-3D9932EBFC80"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]