Vulnerability in Ingres Database_server
CVE-2007-3337
wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file.
EPSS: 0.004 (27.4th percentile) — read the EPSS interpretation.
Affected products
- Ingres Database_server — versions 2.5, 2.6, 9.0.4
- N/a — versions n/a
References
- cve@mitre.org (vdb-entry, x_refsource_VUPEN)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (vdb-entry, x_refsource_VUPEN)
- cve@mitre.org (x_refsource_CONFIRM, Patch)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (x_refsource_OSVDB, vdb-entry)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (x_refsource_CONFIRM)