Lucene search

MitreCVE-2007-6334

HistoryDec 20, 2007 - 11:46 p.m.

CVE-2007-6334

2007-12-2023:46:00

CWE-264

mitre

web.nvd.nist.gov

cve-2007-6334

ingres

windows

remote attackers

privilege escalation

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.009

Percentile

83.4%

JSON

Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.

Affected configurations

Nvd

Node

microsoftwindows_nt

AND

ingresingresMatch2.5

ingresingresMatch2.6

VendorProductVersionCPE
microsoftwindows_nt*cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*
ingresingres2.5cpe:2.3:a:ingres:ingres:2.5:*:*:*:*:*:*:*
ingresingres2.6cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_nt	*	cpe:2.3:o:microsoft:windows_nt::::::::
ingres	ingres	2.5	cpe:2.3:a:ingres:ingres:2.5:::::::*
ingres	ingres	2.6	cpe:2.3:a:ingres:ingres:2.6:::::::*

References

secunia.com/advisories/28183

secunia.com/advisories/28187

supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp

www.ingres.com/support/security-alertDec17.php

www.osvdb.org/39358

www.securityfocus.com/archive/1/485448/100/0/threaded

www.securityfocus.com/bid/26959

www.securitytracker.com/id?1019134

www.vupen.com/english/advisories/2007/4303

www.vupen.com/english/advisories/2007/4304

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.009

Percentile

83.4%

JSON

Related for CVE-2007-6334