CVE-2007-3336

Ingres database server <9.0.4 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3336. PoCs published by fdiskyou.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in Computer Associates Advantage Ingres 2.6 by sending a crafted payload to either the iigcc or iijdbc service, causing a crash. The PoC targets specific offsets (2106 bytes for iigcc, 1066 bytes for iijdbc) to overwrite pointers and trigger a denial-of-service condition.

Description

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.

Exploits (1)

exploitdb WORKING POC VERIFIED

by fdiskyou · pythondoswindows

https://www.exploit-db.com/exploits/14646

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow vulnerability in Computer Associates Advantage Ingres 2.6 by sending a crafted payload to either the iigcc or iijdbc service, causing a crash. The PoC targets specific offsets (2106 bytes for iigcc, 1066 bytes for iijdbc) to overwrite pointers and trigger a denial-of-service condition.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Computer Associates Advantage Ingres 2.6

No auth needed

Prerequisites: Network access to the target service · Vulnerable version of Computer Associates Advantage Ingres 2.6

MITRE ATT&CK