Technical Description

Multiple vulnerabilities have been identified in Ingres, which could be exploited by local attackers to gain elevated privileges.

The first issue is caused due to the "verifydb" utility having the set-uid bit set (owned by the "ingres" user) and improperly changing the permissions on files, which could allow an attacker to overwrite arbitrary files owned by the "ingres" user.

The second vulnerability is caused by a buffer overflow error in the "libbecompat" library when processing an overly long environment variable, which could allow an attacker to execute arbitrary code with the privileges of the "ingres" user.

The third issue is caused by an error in the set-uid root "ingvalidpw" utility that loads libraries from a directory owned by the "ingres" user in an insecure manner, which could be exploited to gain "root" privileges.

Affected Products

Ingres 2006 release 2 version 9.1.0
Ingres 2006 release 1 version 9.0.4
Ingres version 2.6

Solution

Apply fixes :
http://www.ingres.com/support/security-alert-080108.php

References

http://www.vupen.com/english/advisories/2008/2292
http://www.ingres.com/support/security-alert-080108.php
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=731
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733

Credits

Vulnerabilities reported by iDefense Labs.

ChangeLog

2008-08-05 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.