CVE-2007-3334
Published 2007-06-21
Priority: P3 · 53 · critical · 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 10.32% (95.1th percentile)
Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ca | etrust_secure_content_manager | — | — |
| ingres | database_server | — | — |
Detection & IOCs (extracted from sources)
- Detect unexpected truncation or modification of the file 'alarkp.def' on disk, which is a known artifact of exploitation of these Ingres vulnerabilities.
- Exploitation targets Windows systems running CA eTrust Secure Content Manager r8 with Ingres Database Server; monitor for SYSTEM-level process spawning from iigcc.exe or iigcd.exe parent processes.
- The exploit covers multiple CVEs beyond CVE-2007-3334; the same payload script targets CVE-2007-3336, CVE-2007-3337, and CVE-2007-3338 as well, so detections may fire on related but distinct vulnerabilities.
- The exact service port is not hardcoded in the exploit; it is supplied as a runtime argument, so no single fixed port can be used as a reliable detection filter.
- The NVD advisory describes the attack vectors as 'unknown', limiting the ability to craft precise payload-content signatures beyond what the PoC demonstrates.
Suricata rules indexed on this page
Note: every rule listed here references CVE-2007-1034 (PHP-Nuke SQL injection) and milw0rm exploit 3334, not CVE-2007-3334; none of them inspects traffic to iigcc.exe or iigcd.exe.

Suricata · 2010-07-30 · CVSS 7.5
CVE-2007-1034 [HIGH] ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id DELETE"; flow:established,to_server; http.uri; content:"/modules.php?"; nocase; content:"category_id="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-1034; reference:url,www.milw0rm.com/exploits/3334; classtype:web-application-attack; sid:2004854; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mi

Suricata · 2010-07-30 · CVSS 7.5
CVE-2007-1034 [HIGH] ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id UNION SELECT"; flow:established,to_server; http.uri; content:"/modules.php?"; nocase; content:"category_id="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2007-1034; reference:url,www.milw0rm.com/exploits/3334; classtype:web-application-attack; sid:2004852; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_08, mitre_tactic_id TA000

Suricata · 2010-07-30 · CVSS 7.5
CVE-2007-1034 [HIGH] ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id ASCII"; flow:established,to_server; http.uri; content:"/modules.php?"; nocase; content:"category_id="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-1034; reference:url,www.milw0rm.com/exploits/3334; classtype:web-application-attack; sid:2004855; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mi

Suricata · 2010-07-30 · CVSS 7.5
CVE-2007-1034 [HIGH] ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id SELECT"; flow:established,to_server; http.uri; content:"/modules.php?"; nocase; content:"category_id="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-1034; reference:url,www.milw0rm.com/exploits/3334; classtype:web-application-attack; sid:2004851; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mi

Suricata · 2010-07-30 · CVSS 7.5
CVE-2007-1034 [HIGH] ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id INSERT"; flow:established,to_server; http.uri; content:"/modules.php?"; nocase; content:"category_id="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-1034; reference:url,www.milw0rm.com/exploits/3334; classtype:web-application-attack; sid:2004853; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mi

Suricata · 2010-07-30 · CVSS 7.5
CVE-2007-1034 [HIGH] ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id UPDATE"; flow:established,to_server; http.uri; content:"/modules.php?"; nocase; content:"category_id="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-1034; reference:url,www.milw0rm.com/exploits/3334; classtype:web-application-attack; sid:2004856; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mit
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546
- http://osvdb.org/37487
- http://osvdb.org/37488
- http://secunia.com/advisories/25756
- http://secunia.com/advisories/25775
- http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp
- http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
- http://www.securityfocus.com/bid/24585
- http://www.securitytracker.com/id?1018278
- http://www.vupen.com/english/advisories/2007/2288
- http://www.vupen.com/english/advisories/2007/2290
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34991
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34992
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35002
Published: 2007-06-21