Security vulnerabilities in Ingres database
Security vulnerabilities in the Ingres database, which CA placed under open source licensing in mid-2004, can enable attackers to inject malicious code and possibly execute the code with system privileges. This requires no authentication on the system. CA ships the Ingres database with multiple products, for example with the CA eTrust Secure Content Manager.
Security service company iDefense gives specifics about two of the vulnerabilites which, however, only affect Windows systems. In the components Communications Server (iigcc.exe) and Data Access Server (iigcd.exe), the software converts requests into a proprietary format. As the routines fail to check user-supplied strings before copying them into a fixed-size buffer, this can result in a buffer overflow.
Attackers can exploit the vulnerabilities using crafted requests on TCP port 10916, which is listened to by iigcc.exe, or port 10923, where iigcd.exe listens for incoming requests. According to iDefense, successfully exploiting the vulnerabilities is trivial. In the security advisory from CA, the company mentions additional security vulnerabilities that can also cause the server to be fully compromised; these also affect the Linux, Solaris, AIX and HP platforms. CA's recommendation for administrators is to update the affected versions: Ingres 2006, Ingres r3, Ingres 2.5 and 2.6; immediately with the security updates now available.
- Ingres Security Alert, security advisory from CA
- Ingres Database Multiple Heap Corruption Vulnerabilities, error report from iDefense
- support pages from CA with downloads of the security patches (registration required)