Vigil@nce: Ingres, buffer overflow of iidbms
February 2010 by Vigil@nce
An attacker can send a malicious query to the iidbms process of
Ingres, in order to generate a denial of service or to execute
code.
– Severity: 2/4
– Consequences: privileged access/rights, denial of service of
service
– Provenance: intranet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: unique source (2/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 29/01/2010
IMPACTED PRODUCTS
– CA Ingres
DESCRIPTION OF THE VULNERABILITY
The iidbms (Ingres II DBMS) process is the data manager engine.
An unauthenticated attacker can send a message containing a long
field to iidbms, which creates a buffer overflow.
An attacker can therefore send a malicious query to the iidbms
process of Ingres, in order to generate a denial of service or to
execute code.
CHARACTERISTICS
– Identifiers: BID-38001, VIGILANCE-VUL-9393
– Url: http://vigilance.fr/vulnerability/Ingres-buffer-overflow-of-iidbms-9393