- Description
- Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.6
- Impact score
- 6.4
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-119
- Hype score
- Not currently trending
- Comment
- -
- Impact
- "Exploitation of this vulnerability allows an attacker to execute arbitrary code with the privileges of the "ingres" user. By itself, this vulnerability does not have very serious consequences. However, when combined with the library loading vulnerability, it allows an attacker to execute arbitrary code with root privileges. " (iDefense)
- Solution
- "Exploitation of this vulnerability allows an attacker to execute arbitrary code with the privileges of the "ingres" user. By itself, this vulnerability does not have very serious consequences. However, when combined with the library loading vulnerability, it allows an attacker to execute arbitrary code with root privileges. " (iDefense)
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DCE11A92-56B9-43A2-9E3D-D511AE713F45"
},
{
"criteria": "cpe:2.3:a:ingres:ingres:2006:9.0.4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D988634E-4C81-457B-AA97-9C55575E9DB6"
},
{
"criteria": "cpe:2.3:a:ingres:ingres:2006:9.1.0:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "708FD550-E400-4973-979B-3D9932EBFC80"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]