   ADVISORY

CERT-In Advisory CIAD-2008-39
Multiple vulnerabilities in Ingres Database for Linux

Original issue date: August 13, 2008

Severity Rating: High

Systems Affected

  • Ingres 2006 release 2 (9.1.0)
  • Ingres 2006 release 1 (9.0.4)
  • Ingres 2.6

Overview

Multiple security vulnerabilities have been identified in Ingres Database Server for Linux. Local attackers could exploit them to obtain root privileges on the target system, execute arbitrary code, and modify user information.

Description

1. Insecure File Permissions Modification Vulnerability in Ingres Database 'verifydb' Utility for Linux (CVE-2008-3356)

A file permissions modification vulnerability exists in the "verifydb" utility, which allows an attacker to overwrite arbitrary files owned by the "ingres" user. The 'verifydb' utility creates the 'iivdb.log' file with world-writable permissions in the current directory. A local user can create a symbolic link from a file on the target system to the log file to gain write access to the target file.

2. Stack Based Buffer Overflow Vulnerability in Ingres Database 'libbecompat' Library for Linux (CVE-2008-3389)

A stack-based buffer overflow vulnerability has been reported in the 'libbecompat' library, which is used by several of the setuid "ingres" utilities. This boundary error can be triggered, e.g. via a specially crafted environment variable, allowing attackers to execute arbitrary code with the privileges of the "ingres" user.

3. Untrusted Library Path Vulnerability in Ingres Database 'ingvalidpw' Utility for Linux (CVE-2008-3357)

An untrusted library path vulnerability has been reported in the "ingvalidpw" utility, which could be exploited by attackers to execute arbitrary code with root privileges. This utility is used to verify a user's credentials, and is installed set-uid root. When loading shared libraries, the "ingvalidpw" program will load libraries from a directory owned by the "ingres" user. By using a specially crafted library, a user with "ingres" privileges can gain root.
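The following audit script is an added example, not part of the vendor's or CERT-In's material. It checks a host for the conditions described in items 1 and 3: 'iivdb.log' files that are symbolic links or world-writable, and a library directory that a non-root account controls. The scan root and library directory are supplied by the operator as arguments; this advisory does not state the Ingres installation paths.

```shell
#!/bin/sh
# Added audit example; not vendor or CERT-In code.

# Item 1: list every iivdb.log under $1 that is a symbolic link or a
# world-writable regular file. find does not follow symlinks by default.
audit_iivdb_logs() {
    find "$1" -name iivdb.log \( -type l -o -type f -perm -0002 \) 2>/dev/null |
    while IFS= read -r f; do
        if [ -L "$f" ]; then
            printf 'SYMLINK %s -> %s\n' "$f" "$(readlink "$f")"
        else
            printf 'WORLD_WRITABLE %s\n' "$f"
        fi
    done
}

# Item 3: succeed (exit 0) when directory $1 is not owned by uid 0 or is
# group- or world-writable, i.e. a non-root account controls what a
# set-uid root program would load from it. Exit 2 if $1 is not a directory.
lib_dir_untrusted() {
    [ -d "$1" ] || return 2
    [ -n "$(find "$1" -maxdepth 0 \( ! -uid 0 -o -perm -0020 -o -perm -0002 \) 2>/dev/null)" ]
}

# Usage: sh audit.sh SCAN_ROOT [LIBRARY_DIR]   (both paths are placeholders)
if [ "$#" -ge 1 ]; then
    audit_iivdb_logs "$1"
    if [ "$#" -ge 2 ] && lib_dir_untrusted "$2"; then
        printf 'UNTRUSTED_LIBDIR %s\n' "$2"
    fi
fi
```

Any reported line should be reviewed before and after applying the vendor fix; a clean result does not replace patching.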

Solution

The vendor has issued a fix, available in the advisory at:
http://www.ingres.com/support/security-alert-080108.php


Vendor Information

INGRES
http://ingres.com/support/security-alert-080108.php


References

Secunia
http://secunia.com/advisories/31357/

SecuriTeam
http://www.securiteam.com/unixfocus/5XP0115P5W.html

SecurityFocus
http://www.securityfocus.com/bid/30512

SecurityTracker
http://securitytracker.com/alerts/2008/Aug/1020613.html
http://securitytracker.com/alerts/2008/Aug/1020614.html
http://securitytracker.com/alerts/2008/Aug/1020615.html

iDefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731


AusCERT
http://www.auscert.org.au/render.html?it=9667

CVE Name
CVE-2008-3389
CVE-2008-3356
CVE-2008-3357

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003