Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: CA Products' Ingres Implementation Multiple Vulnerabilities



> -----Original Message-----
> From: SecuriTeam [mailto:support@xxxxxxxxxxxxxx] 
> Sent: Sunday, June 24, 2007 5:32 PM
> To: html-list@xxxxxxxxxxxxxx
> Subject: [NEWS] CA Products' Ingres Implementation Multiple 
> Vulnerabilities
> 
> 
> CA Products' Ingres Implementation Multiple Vulnerabilities 
> 
> 
> 
> Various CA products that embed Ingres products contain 
> multiple vulnerabilities that can allow an attacker to 
> potentially execute arbitrary code. CA has issued fixes, to 
> address all of these vulnerabilities, for all supported CA 
> products that may be affected. 
> 
> 
> Affected Products: 
>  * Advantage Data Transformer r2.2 
>  * AllFusion Enterprise Workbench r1.1, 1.1 SP1, r7, r7.1 
>  * AllFusion Harvest Change Manager r7, r7.1 
>  * BrightStor ARCserve Backup v9 (Linux only), r11.1, r11.5 (Unix, Linux and Mainframe Linux) 
>  * BrightStor ARCserve Backup for Laptops and Desktops r11.5 
>  * BrightStor Enterprise Backup (Unix only) r10.5 
>  * BrightStor Storage Command Center r11.5 
>  * BrightStor Storage Resource Manager r11.5 
>  * CleverPath Aion Business Rules Expert r10.1 
>  * CleverPath Aion Business Process Monitoring r10.1 
>  * CleverPath Predictive Analysis Server r3 
>  * DocServer 1.1 
>  * eTrust Admin v8, v8.1, r8.1 SP1, r8.1 SP2 
>  * eTrust Audit r8 SP2 
>  * eTrust Directory r8.1 
>  * eTrust IAM Suite r8.0 
>  * eTrust IAM Toolkit r8.0, r8.1 
>  * eTrust Identity Manager r8.1 
>  * eTrust Network Forensics r8.1 
>  * eTrust Secure Content Manager r8 
>  * eTrust Single Sign-On r7, r8, r8.1 
>  * eTrust Web Access Control 1.0 
>  * Unicenter Advanced Systems Management r11 
>  * Unicenter Asset Intelligence r11 
>  * Unicenter Asset Management r11 
>  * Unicenter Asset Portfolio Management r11.2.1, r11.3 
>  * Unicenter CCS r11 
>  * Unicenter Database Command Center r11.1 
>  * Unicenter Desktop and Server Management r11 
>  * Unicenter Desktop Management Suite r11 
>  * Unicenter Enterprise Job Manager r1 SP3, r1 SP4 
>  * Unicenter Job Management Option r11 
>  * Unicenter Lightweight Portal 2 
>  * Unicenter Management Portal r3.1.1 
>  * Unicenter Network and Systems Management r3.0, r11 
>  * Unicenter Network and Systems Management - Tiered - Multi Platform r3.0 0305, r3.1 0403, r11.0 
>  * Unicenter Patch Management r11 
>  * Unicenter Remote Control 6, r11 
>  * Unicenter Service Accounting r11, r11.1 
>  * Unicenter Service Assure r2.2, r11, r11.1 
>  * Unicenter Service Catalog r11, r11.1 
>  * Unicenter Service Delivery r11.0, r11.1 
>  * Unicenter Service Intelligence r11 
>  * Unicenter Service Metric Analysis r3.0.2, r3.5, r11, r11.1 
>  * Unicenter ServicePlus Service Desk 5.5 SP3, 6.0, 6.0 SP1, r11, r11.1, r11.2 
>  * Unicenter Software Delivery r11 
>  * Unicenter TNG 2.4, 2.4.2, 2.4.2J 
>  * Unicenter Workload Control Center r1 SP3, r1 SP4 
>  * Unicenter Web Services Distributed Management 3.11, 3.50 
>  * Wily SOA Manager 7.1 
> 
> Affected Platforms: 
> All operating system platforms supported by the various CA 
> products that embed Ingres. This includes Windows, Linux, and 
> supported UNIX platforms. 
> 
> 1) Ingres controllable pointer overwrite vulnerability 
> (reported by NGSSoftware) [Ingres bug 115927, CVE-2007-3336, 
> CAID 35450] 
> 
> Description: An unauthenticated attacker can potentially 
> execute arbitrary code within the context of the database server. 
> 
> 2) Ingres remote unauthenticated pointer overwrite #2 
> (reported by NGSSoftware) [Ingres bug 115927, CVE-2007-3336, 
> CAID 35450] 
> 
> Description: An unauthenticated attacker can exploit a 
> pointer overwrite vulnerability to execute arbitrary code 
> within the context of the database server. 
> 
> 3) Ingres wakeup file overwrite (reported by NGSSoftware) 
> [Ingres bug 115913, CVE-2007-3337, CAID 35451] 
> 
> Description: The "wakeup" binary creates a file named 
> "alarmwkp.def" in the current directory, truncating the file 
> if it already exists. The "wakeup" binary is setuid "ingres" 
> and world-executable. Consequently, an attacker can truncate 
> a file with the privileges of the "ingres" user. 
> 
> 4) Ingres uuid_from_char stack overflow (reported by 
> NGSSoftware) [Ingres bug 115911, CVE-2007-3338, CAID 35452] 
> 
> Description: An attacker can pass a long string as an 
> argument to uuid_from_char() to cause a stack buffer overflow 
> and the saved return address can be overwritten. 
> 
> 5) Ingres verifydb local stack overflow (reported by 
> NGSSoftware) [Ingres bug 115911, CVE-2007-3338, CAID 35452] 
> 
> Description: A local attacker can exploit a stack overflow in 
> the Ingres verifydb utility duve_get_args function. 
> 
> 6) Communication server heap corruption (reported by 
> iDefense) [Ingres bug 117523, CVE-2007-3334, CAID 35453] 
> 
> Description: An attacker can execute arbitrary code within 
> the context of the communications server (iigcc.exe). This 
> only affects Ingres on the Windows operating system. Reported 
> by iDefense as IDEF2023. 
> 
> 7) Data Access/JDBC server heap corruption (reported by 
> iDefense) [Ingres bug 117523, CVE-2007-3334, CAID 35453] 
> 
> Description: An attacker can execute arbitrary code within 
> the context of the Data Access server (iigcd.exe) in r3 or 
> the JDBC server in older releases. This only affects Ingres 
> on the Windows operating system. Reported by iDefense as IDEF2022. 
> 
> Status and Recommendation: 
> CA recommends that customers apply the appropriate fix(es) 
> listed on the Security Notice page: 
> http://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp 
> 
> 
> Additional Information: 
> The information has been provided by Williams, James K 
> <mailto:James.Williams@xxxxxx> . 
> The original article can be found at: 
> http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778 
> 
> 
> ================================================================================ 
> 
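
Item 3 above (the "wakeup" file overwrite) comes down to a privileged program opening a relative file name with create-or-truncate semantics. The C sketch below is an added example, not Ingres or CA code and not part of the forwarded advisory: it sets that pattern beside an exclusive-create variant anchored to a fixed directory. The function names and the /tmp scratch directory are assumptions made for the demonstration.

```c
/* Added illustration; not Ingres source. Function names are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the advisory: create-or-truncate a relative name in the cwd. */
int open_def_truncating(const char *name) {
    return open(name, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened: anchor to a fixed private directory, never truncate, and let
   O_EXCL refuse any existing file or symlink of that name. */
int open_def_exclusive(const char *private_dir, const char *name) {
    int dfd = open(private_dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0) return -1;
    int fd = openat(dfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    close(dfd);
    return fd;
}

/* Constructed demo: pre-create a 7-byte alarmwkp.def in a scratch directory,
   run one variant, and return the file's size afterwards (-1 on setup error). */
long size_after_open(int use_exclusive) {
    char dir[] = "/tmp/wkp-demo-XXXXXX", path[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/alarmwkp.def", dir);
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs("KEEP-ME", f);
    fclose(f);
    int fd = use_exclusive ? open_def_exclusive(dir, "alarmwkp.def")
                           : open_def_truncating(path);
    if (fd >= 0) close(fd);
    long size = stat(path, &st) == 0 ? (long)st.st_size : -1;
    unlink(path);
    rmdir(dir);
    return size;
}

int main(void) {
    printf("truncating: %ld, exclusive: %ld\n", size_after_open(0), size_after_open(1));
    return 0;
}
```

In a setuid program the directory passed to the exclusive variant would be one owned by the service account and not writable by other users, so the caller's working directory never decides where the file lands.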



 



