CVE-2007-3338
published 2007-06-22

Priority: P3 · 52 · critical · 10 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 6.67% (93.1th percentile)

Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.

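Affected (4 ranges)

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| ingres | database_server | | |
| ingres | database_server | | |
| ingres | database_server | | |
| ingres | database_server | | |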

Detection & IOCs (extracted from sources)

  • process: iigcc
  • process: iijdbc
  • bytes: \x41 * 2106 + \x42 * 4 (iigcc overflow trigger)
  • bytes: \x41 * 1066 + \x42 * 4 (iijdbc overflow trigger)

  • Exploitation targets the uuid_from_char or duve_get_args functions in the Ingres database server; alert on stack-based buffer overflow attempts against these named functions.
  • Successful exploitation grants SYSTEM-level privileges on Windows; correlate Ingres service process spawning unexpected child processes or privilege escalation events.
  • Exploit sends a raw TCP payload of repeating 0x41 bytes (2106 for iigcc, 1066 for iijdbc) followed by 4 bytes of 0x42; network signatures should match oversized single-byte-repeated payloads to these services.
  • The PoC was tested specifically on Windows 2003 Server SP1 (English); exploit offsets (2106 for iigcc, 1066 for iijdbc) may differ on other OS versions or service pack levels.
  • The PoC author was unable to confirm code execution beyond denial-of-service/crash; actual RCE exploitation may require additional offset tuning.
  • Affected versions are Ingres 2006 9.0.4, r3, 2.6, and 2.5; the vulnerability is fixed in the last version.