|
|
CVE Reference: CVE-2008-3356 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-3356 |
|
|
Description: verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/44177 ST 1020613 SAID Secunia Advisory: SA31357 Secunia Advisory: SA31398 IDEFENSE http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731 CONFIRM http://www.ingres.com/support/security-alert-080108.php BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/495177/100/0/threaded BID 30512 |
|
| Return to the previous page. |
