ID

VAR-200808-0318

CVE

CVE-2008-3356

TITLE

Linux Etc. Ingres of verifydb Vulnerable to overwriting arbitrary files

DESCRIPTION

verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename. Ingres Database is prone to multiple local vulnerabilities: - Multiple local privilege-escalation vulnerabilities - A vulnerability that may allow attackers to overwrite arbitrary files. Local attackers can exploit these issues to gain elevated privileges on the affected computer, execute arbitrary code with superuser privileges, and overwrite arbitrary files owned by 'Ingres' user. iDefense Security Advisory 08.01.08 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 01, 2008 I. BACKGROUND Ingres Database is a database server used in several Computer Associates' products. For example, CA Directory Service uses the Ingres Database server. More information can be found on the vendor's website at the following URL. http://ingres.com/downloads/prod-cert-download.php II. The vulnerability exists within the "verifydb" utility included with Ingres. It is used to cleanup unneeded files created in the database directory. This program has the set-uid bit set, and is owned by the "ingres" user. The "verifydb" program improperly changes the permissions on files. III. By itself, this vulnerability does not have very serious consequences. IV. DETECTION iDefense has confirmed the existence of this vulnerability in Ingres 2006 Enterprise Edition Release 2 for Linux x86 (32-bit). Other versions may also be affected. V. WORKAROUND iDefense is currently unaware of any workaround for this issue. VI. VENDOR RESPONSE "This problem has been identified and resolved by Ingres in the following releases: Ingres 2006 release 2 (9.1.0), Ingres 2006 release 1 (9.0.4), and Ingres 2.6." For more information, refer to Ingres' advisory at the following URL. http://www.ingres.com/support/security-alert-080108.php VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-3356 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 07/20/2007 Initial vendor response 07/23/2007 Initial vendor notification 08/01/2008 Coordinated public disclosure IX. CREDIT The discoverer of this vulnerability wishes to remain anonymous. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright \xa9 2008 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. Title: CA Products That Embed Ingres Multiple Vulnerabilities CA Advisory Date: 2008-08-01 Reported By: iDefense Labs Impact: A remote attacker can execute arbitrary code, gain privileges, or cause a denial of service condition. Summary: CA products that embed Ingres contain multiple vulnerabilities that can allow a remote attacker to execute arbitrary code, gain privileges, or cause a denial of service condition. These vulnerabilities exist in the products and on the platforms listed below. These vulnerabilities do not impact any Windows-based Ingres installation. The first vulnerability, CVE-2008-3356, allows an unauthenticated attacker to potentially set the user and/or group ownership of a verifydb log file to be Ingres allowing read/write permissions to both. The third vulnerability, CVE-2008-3389, allows an unauthenticated attacker to obtain ingres user privileges. However, when combined with the unsecured directory privileges vulnerability (CVE–2008-3357), root privileges can be obtained. Mitigating Factors: These vulnerabilities do not impact any Windows-based Ingres installation. Severity: CA has given these vulnerabilities a High risk rating. Affected Products: Admin r8.1 SP2 Advantage Data Transformer r2.2 Allfusion Harvest Change Manager r7.1 CA ARCserve Backup for Unix r11.1, r11.5 GA/SP1/SP2/SP3 CA ARCserve Backup for Linux r11.1, r11.5 GA/SP1/SP2/SP3 CA Directory r8.1 CA Job Management Option R11.0 CA Single Sign-On r8.1 CleverPath Aion BPM r10.1, r10.2 EEM 8.1, 8.2, 8.2.1 eTrust Audit/SCC 8.0 sp2 Identity Manager r12 NSM 3.0 0305, 3.1 0403, r3.1 SP1 0703, r11 Unicenter Asset Management r11.1, r11.2 Unicenter Remote Control r11.2 Unicenter Service Catalog r2.2, r11.1 Unicenter Service Metric Analysis r11.1 Unicenter ServicePlus Service Desk 6.0, r11, r11.1, r11.2 Unicenter Software Delivery r11.1, r11.2 Unicenter Workload Control Center r11 Affected Platforms: 1. Ingres verifydb file create permission override (CVE-2008-3356) This vulnerability impacts all platforms except Windows. 2. Ingres un-secure directory privileges with utility ingvalidpw (CVE - 2008-3357) This vulnerability impacts only Linux and HP platforms. 3. Ingres verifydb, iimerge, csreport buffer overflow (CVE-2008-3389) This vulnerability impacts only Linux and HP platforms. Status and Recommendation: The most prudent course of action for affected customers is to download and apply the corrective maintenance. However, updates are provided only for the following releases: 2.6 and r3 Important: Customers using products that embed an earlier version of Ingres r3 should upgrade Ingres to the release that is currently supported (3.0.3/103 on Linux and 3.0.3/211 on UNIX platforms) before applying the maintenance updates. Please contact your product's Technical Support team for more information. For these products: Admin r8.1 SP2 CA ARCserve Backup for Linux r11.5 SP2/SP3 CA Directory r8.1 CA Job Management Option R11.0 CA Single Sign-On r8.1 EEM 8.2 EEM 8.2.1 Identity Manager r12 NSM r11 Unicenter Asset Management r11.1 Unicenter Asset Management r11.2 Unicenter Remote Control r11.2 Unicenter Service Catalog r11.1 Unicenter Service Metric Analysis r11.1 Unicenter ServicePlus Service Desk r11 Unicenter ServicePlus Service Desk r11.1 Unicenter ServicePlus Service Desk r11.2 Unicenter Software Delivery r11.1 Unicenter Software Delivery r11.2 Unicenter Workload Control Center r11 Apply the update below that is listed for your platform (note that URLs may wrap): AIX [3.0.3 (r64.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12833-r64-us5.tar.z HP-UX Itanium [3.0.3 (i64.hpu/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12831-i64-hpu.tar.z HP-UX RISC [3.0.3 (hp2.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12830-hp2-us5.tar.z Linux AMD [3.0.3 (a64.lnx/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12835-a64-lnx.tar.z Linux Intel 32bit [3.0.3 (int.lnx/103)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.103.12836-int-lnx.tar.z Linux Itanium [3.0.3 (i64.lnx/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12838-i64-lnx.tar.z Solaris SPARC [3.0.3 (su9.us5/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12834-su9-us5.tar.z Solaris x64/x86 [3.0.3 (a64.sol/211)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/patch-3.0.3.211.12832-a64-sol.tar.z Ingres r3 Vulnerability Updates Install Steps (August 1, 2008) Unix/Linux: 1. Log on to your system using the installation owner account and make sure the environment is set up correctly: 1. II_SYSTEM must be set to the Ingres system files 2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility directories. 2. Change directory to the root directory of the Ingres installation or use a previously created directory. cd $II_SYSTEM/ingres or cd <patch_directory> 3. Copy the download maintenance update file in to the current directory and uncompress 4. Read in the update file with the following commands: umask 022 tar xf [update_file] This will create the directory: $II_SYSTEM/ingres/patchXXXXX or <patch_directory>/patchXXXXX Note: ‘XXXXX' in patchXXXXX refers to the update number 5. Stop all Ingres processes with the ‘ingstop' utility: ingstop 6. Change directory to the patch directory: cd patchXXXXX 7. Within the patch directory run the following command: ./utility/iiinstaller Please check the $II_SYSTEM/ingres/files/patch.log file to make sure the patch was applied successfully. Also check the $II_SYSTEM/ingres/version.rel to make sure the patch is referenced. Note: The patch can also be installed silently using the ‘-m' flag with iiinstaller: ./utility/iiinstaller -m 8. Once the patch install has been complete, re-link the iimerge binary with the following command: iilink 9. Ingres can then be restarted with the ‘ingstart' utility: ingstart For these products: Advantage Data Transformer r2.2 Allfusion Harvest Change Manager r7.1 ARCserve for Linux r11.5 GA/SP1 CleverPath Aion BPM r10.1 CleverPath Aion BPM r10.2 Apply the build below that is listed for your platform (note that URLs may wrap): AIX ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12833-r64-us5.tar HP-UX Itanium ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12831-i64-hpu.tar HP-UX RISC ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12830-hp2-us5.tar Linux AMD EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-x86_64.tar.gz Linux AMD II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-x86_64.tgz Linux Intel EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-EI-linux-i386.tgz Linux Intel II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-103-pc-linux-i386.tgz Linux Itanium EI build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-EI-linux-ia64.tar.gz Linux Itanium II build ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/ingres-3.0.3-211-linux-ia64.tgz Solaris SPARC ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12834-su9-us5.tar Solaris x64/x86 ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/r3/install-3.0.3.211.12832-a64-sol.tar Ingres r3 Build Install Steps (August 1, 2008) Important: Prior to installing the build, a full operating system backup of the $II_SYSTEM/ingres directory on Unix/Linux and %II_SYSTEM%\ingres directory on Windows must be taken with Ingres completely shut down. Also, a backup of any other DATA locations that you may have must be taken, again with Ingres shut down. In case there is a problem with the update install, this allows Ingres to be restored from the backup. Unix: 1. Log in to the system as the installation owner and make sure the environment is set up correctly: 1. II_SYSTEM must be set to the Ingres home directory 2. PATH must include $II_SYSTEM/ingres/bin and $II_SYSTEM/ingres/utility directories 3. Add $II_SYSTEM/ingres/lib to the shared library path 4. Set TERM to ‘vt100' and TERM_INGRES to ‘vt100fx' 2. Copy the downloaded update file to the /tmp directory and uncompress 3. Read in the update file with the following commands: umask 022 tar xf [update_file] This creates a directory containing the distribution and other files. 4. Stop all applications that may be connected to or using any of the files in the Ingres instance. 5. Stop all Ingres processes with the ‘ingstop' utility: ingstop 6. Important: Take an operating system backup of the $II_SYSTEM/ingres directory and other DATA locations that you may have elsewhere. Also, copy the $II_SYSTEM/ingres/files/config.dat and $II_SYSTEM/ingres/files/symbol.tbl files to a safe location to ensure that the configuration can be restored. 7. From the root directory of the Ingres installation ($II_SYSTEM/ingres), run the following command: tar xf /tmp/<update_directory>/ingres.tar install 8. Run the following command: install/ingbuild 9. The initial install screen appears. 10. In the Distribution medium enter the full path to the ‘ingres.tar' file (including the file) (See step 4). 11. Choose PackageInstall from the list of installation options and then choose ‘Stand alone DBMS Server' from the list of packages. Then choose ExpressInstall. 12. Choose Yes in the pop-up screen and press Enter key. The install utility verifies that each component was transferred properly from the distribution medium. When this is finished (without errors), another pop-up screen for setting up the components comes up. 13. Select Yes and press Enter key to go to the Setup program. 14. Once the installation is complete, check the $II_SYSTEM/ingres/files/install.log for any errors. Also, check the $II_SYSTEM/ingres/version.rel file to verify the new build is referenced; this should show 3.0.3 for the build. 15. If there are no errors, then restore the $II_SYSTEM/ingres/files/config.dat and $II_SYSTEM/ingres/files/symbol.tbl files from the copies made in step 6 to replace the existing files. 16. Start Ingres using the ‘ingstart' utility: ingstart 17. Upgrade the databases in the installation to the new release level: upgradedb -all Linux: 1. Log on to the machine as ‘root'. 2. Copy the downloaded build update file and to a previously chosen directory and uncompress. 3. Read in the update file with the following command: tar xf [update file] This creates a directory containing rpm packages for all of the Ingres tools. 4. Shut down any non-Ingres application(s) that may be connected to or using any of the files in the specified Ingres instance. 5. Stop all Ingres processes with the ‘ingstop' utility: ingstop 6. Important: Take an operating system backup of the $II_SYSTEM/ingres directory and other DATA locations that you may have elsewhere. 7. From the directory that was created in step 3, install the update rpms with the following command: rpm –Uvh *.rpm If the following error is seen for either the ‘ca-ingres-documentation-3.0.3-103', the ‘ca-ingres-CATOSL-3.0.3-103' or the ‘ca-cs-utils-11.0.04348-0000' (or all of them) packages, remove them from the directory containing the rpms and re-run the above command: package <package-name> is already installed 8. If the installation finishes successfully, then log on as ‘ingres' to the machine and start Ingres using the ‘ingstart' utility: ingstart 9. Upgrade ‘mdb' database with the following command: upgradedb -all For these products: CA ARCserve Backup for Unix r11.1 CA ARCserve Backup for Unix r11.5 GA/SP1/SP2 CA ARCserve Backup for Unix r11.5 SP3 CA ARCserve Backup for Linux r11.1 EEM 8.1 eTrust Audit/SCC 8.0 sp2 NSM 3.0 0305 NSM 3.1 0403 NSM r3.1 SP1 0703 Unicenter Service Catalog r2.2 Unicenter ServicePlus Service Desk 6.0 Apply the update below that is listed for your platform (note that URLs may wrap): AIX 32bit [2.6/xxxx (rs4.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12718.tar.Z AIX 64bit [2.6/xxxx (r64.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12798.tar.Z HP-UX with ARCserve 11.1 or 11.5/GA/SP1/SP2/SP3 https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277&os=HP&actionID=3 HP-UX Itanium [2.6/xxxx (i64.hpu/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12748.tar.Z HP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12742.tar.Z HP-UX RISC 32bit [2.6/xxxx (hpb.us5/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12888.tar.Z HP-UX RISC 64bit [2.6/xxxx (hp2.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12749.tar.Z HP Tru64 UNIX [2.6/xxxx (axp.osf/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12676.tar.Z Linux AMD64 [2.6/xxxx (a64.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12809.tar.Z Linux Intel 32bit [2.6/xxxx (int.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12645.tar.Z Linux Intel 32bit [2.6/xxxx (int.lnx/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12647.tar.Z Linux Intel 32bit [2.6/xxxx (int.lnx/00)LFS] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12646.tar.Z Linux Itanium [2.6/xxxx (i64.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12648.tar.Z Linux S/390 [2.6/xxxx (ibm.lnx/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12877.tar.Z Solaris SPARC 32bit [2.6/xxxx (su4.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12713.tar.Z Solaris SPARC 32bit double [2.6/xxxx (su4.us5/00)DBL] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12879.tar.Z Solaris SPARC 64bit [2.6/xxxx (su9.us5/00)] ftp://ftp.ca.com/CAproducts/ips/MDB/Generic_Ingres/Patches/2.6/p12751.tar.Z Ingres 2.6 Vulnerability Updates Install Steps (August 1, 2008) Unix/Linux: 1. Log on to your system using the installation owner account and make sure the environment is set up correctly: 1. II_SYSTEM must be set to the Ingres system files 2. PATH must include $II_SYSTEM/bin and $II_SYSTEM/utility directories. 2. Change directory to the root directory of the Ingres installation or use a previously created directory. cd $II_SYSTEM/ingres or cd <patch_directory> 3. Copy the download maintenance update file in to the current directory and uncompress 4. Read in the update file with the following commands: umask 022 tar xf [update_file] This will create the directory: $II_SYSTEM/ingres/patchXXXXX or <patch_directory>/patchXXXXX Note: ‘XXXXX' in patchXXXXX refers to the update number 5. Stop all Ingres processes with the ‘ingstop' utility: ingstop 6. Change directory to the patch directory: cd patchXXXXX 7. Within the patch directory run the following command: ./utility/iiinstaller Please check the $II_SYSTEM/ingres/files/patch.log file to make sure the patch was applied successfully. Also check the $II_SYSTEM/ingres/version.rel to make sure the patch is referenced. Note: The patch can also be installed silently using the ‘-m' flag with iiinstaller: ./utility/iiinstaller -m 8. Once the patch install has been complete, re-link the iimerge binary with the following command: iilink 9. Ingres can then be restarted with the ‘ingstart' utility: ingstart How to determine if you are affected: For these products: Admin r8.1 SP2 ARCserve for Linux r11.5 SP2/SP3 CA Directory r8.1 CA Job Management Option R11.0 CA Single Sign-On r8.1 EEM 8.2 EEM 8.2.1 Identity Manager r12 NSM r11 Unicenter Asset Management r11.1 Unicenter Asset Management r11.2 Unicenter Remote Control r11.2 Unicenter Service Catalog r11.1 Unicenter Service Metric Analysis r11.1 Unicenter ServicePlus Service Desk r11 Unicenter ServicePlus Service Desk r11.1 Unicenter ServicePlus Service Desk r11.2 Unicenter Software Delivery r11.1 Unicenter Software Delivery r11.2 Unicenter Workload Control Center r11 The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel: UNIX or Linux: cat version.rel The release identifier will be as follows: Operating System Release identifier HP Sparc 32/64bit II 3.0.3 (hp2.us5/211) HP Itanium II 3.0.3 (i64.hpu/211) Intel Solaris 32/64bit II 3.0.3 (a64.sol/211) AIX 32/64bit II 3.0.3 (r64.us5/211) Solaris 32/64bit II 3.0.3 (su9.us5/211) AMD Linux II 3.0.3 (a64.lnx/211) Intel Linux II 3.0.3 (int.lnx/103) Itanium Linux II 3.0.3 (i64.lnx/211) Notes: 1. You would need to install the Ingres build instead of the patch if either of the following is true: 1. If the Ingres release for your platform is not 3.0.3 in the release identifier or 2. The Ingres release is 3.0.3 but the build level is not 103 for Linux and 211 for all the Unix platforms. If either of the above is true then download and apply the latest build for your operating system(s). 2. If the OS platform you are running Ingres on is not listed, please contact Technical Support. For these products: Advantage Data Transformer r2.2 Allfusion Harvest Change Manager r7.1 ARCserve for Linux r11.5 GA/SP1 CleverPath Aion BPM r10.1 CleverPath Aion BPM r10.2 The maintenance updates are provided for the latest r3 builds supported by CA which are 3.0.3/103 (Linux) and 3.03/211 (UNIX platforms). If the build embedded is earlier than 3.0.3, it has to be upgraded to 3.0.3 to fix the vulnerabilities. The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel: UNIX or Linux: cat version.rel The release identifier will be as follows: Operating System Release identifier HP Sparc 32/64bit II 3.0.3 (hp2.us5/211) HP Itanium II 3.0.3 (i64.hpu/211) Intel Solaris 32/64bit II 3.0.3 (a64.sol/211) AIX 32/64bit II 3.0.3 (r64.us5/211) Solaris 32/64bit II 3.0.3 (su9.us5/211) AMD Linux II 3.0.3 (a64.lnx/211) Intel Linux II 3.0.3 (int.lnx/103) Itanium Linux II 3.0.3 (i64.lnx/211) Important: For Linux (AMD, Intel and Itanium) platforms, after applying the build provided on this page, please download and apply the maintenance update. For the other platforms, the builds are patched to the latest maintenance update. Note: 1. If the release you are using is already 3.0.3 build 103 on Linux and 3.0.3 build 211 on Unix, then download and install the maintenance update. 2. If the OS platform you are running Ingres on is not listed, please contact Technical Support. For these products: CA ARCserve Backup for Unix r11.1 CA ARCserve Backup for Unix r11.5 GA/SP1/SP2 CA ARCserve Backup for Unix r11.5 SP3 CA ARCserve Backup for Linux r11.1 EEM 8.1 eTrust Audit/SCC 8.0 sp2 NSM 3.0 0305 NSM 3.1 0403 NSM r3.1 SP1 0703 Unicenter Service Catalog r2.2 Unicenter ServicePlus Service Desk 6.0 The Ingres release information is maintained in %II_SYSTEM%\ingres\version.rel: UNIX or Linux: cat version.rel The release identifier will be as follows: Operating System Release identifier AIX 32bit II 2.6/xxxx (rs4.us5/00) AIX 64bit II 2.6/xxxx (r64.us5/00) HP-UX Itanium II 2.6/xxxx (i64.hpu/00) HP-UX RISC 32bit II 2.6/xxxx (hpb.us5/00) HP-UX RISC 32bit II 2.6/xxxx (hpb.us5/00)DBL HP-UX RISC 64bit II 2.6/xxxx (hp2.us5/00) HP Tru64 UNIX II 2.6/xxxx (axp.osf/00) Linux AMD64 II 2.6/xxxx (a64.lnx/00) Linux Intel 32bit II 2.6/xxxx (int.lnx/00) Linux Intel 32bit II 2.6/xxxx (int.lnx/00)DBL Linux Intel 32bit II 2.6/xxxx (int.lnx/00)LFS Linux Itanium II 2.6/xxxx (i64.lnx/00) Linux S/390 II 2.6/xxxx (ibm.lnx/00) Solaris SPARC 32bit II 2.6/xxxx (su4.us5/00) Solaris SPARC 32bit double II 2.6/xxxx (su4.us5/00)DBL Solaris SPARC 64bit II 2.6/xxxx (su9.us5/00) Note: 1. If the Ingres release embedded in your product is not 2.6, please get the appropriate update here. 2. If the OS platform you are running Ingres on is not listed, please contact Technical Support. 3. For HP-UX platform with CA ARCserve Backup 11.1 or 11.5/GA/SP1/SP2/SP3, download the published ARCserve fix, RO01277: https://support.ca.com/irj/portal/anonymous/solndtls?aparNo=RO01277&os=HP&actionID=3 and follow the enclosed instructions to install the security patch. Workaround: None References (URLs may wrap): CA Support: http://support.ca.com/ Security Notice for CA Products That Embed Ingres https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989 Solution Document Reference APARs: RO01277 (ARCserve only) CA Security Response Blog posting: CA Products That Embed Ingres Multiple Vulnerabilities community.ca.com/blogs/casecurityresponseblog/archive/2008/08/06.aspx Reported By: iDefense Labs Ingres Database for Linux verifydb Insecure File Permissions Modification Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731 Ingres Database for Linux libbecompat Stack Based Buffer Overflow Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732 Ingres Database for Linux ingvalidpw Untrusted Library Path Vulnerability http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733 Ingres Security Vulnerability Announcement as of August 01, 2008 http://www.ingres.com/support/security-alert-080108.php CVE References: CVE-2008-3356 - Ingres verifydb file create permission override. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3356 CVE-2008-3357 - Ingres un-secure directory privileges with utility ingvalidpw. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3357 CVE-2008-3389 - Ingres verifydb, iimerge, csreport buffer overflow. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3389 OSVDB References: Pending http://osvdb.org/ Changelog for this advisory: v1.0 - Initial Release Customers who require additional information should contact CA Technical Support at http://support.ca.com. For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com. If you discover a vulnerability in CA products, please report your findings to our product security response team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782 Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research CA, 1 CA Plaza, Islandia, NY 11749 Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2008 CA. All rights reserved. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Ingres Multiple Vulnerabilities SECUNIA ADVISORY ID: SA31357 VERIFY ADVISORY: http://secunia.com/advisories/31357/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: Ingres 2.x http://secunia.com/product/14576/ Ingres 2006 (9.x) http://secunia.com/product/14574/ DESCRIPTION: Some vulnerabilities have been reported in Ingres, which can be exploited by malicious, local users to gain escalated privileges. 2) A boundary error exists within the "libbecompat" library that is used by several of the setuid "ingres" utilities. This can be exploited to cause a stack-based buffer overflow e.g. via a specially crafted environmental variable. 3) An error exists within the "ingvalidpw" utility due to being setuid "root" and loading shared libraries from a directory owned by the "ingres" user. SOLUTION: The vendor has issued fixes. Please see the knowledge base document (customer login required). http://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:416012+HTMPL=kt_document_view.htmpl PROVIDED AND/OR DISCOVERED BY: An anonymous researcher, reported via iDefense. ORIGINAL ADVISORY: Ingres: http://www.ingres.com/support/security-alert-080108.php iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

permissions and access control

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

iDEFENSE

SOURCES

LAST UPDATE DATE

2024-11-23T21:48:24.596000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE