VYPR
Unrated severityNVD Advisory· Published Aug 5, 2008· Updated Jun 16, 2026

CVE-2008-3356

CVE-2008-3356

Description

verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • Actian/Ingres6 versions
    cpe:2.3:a:ingres:ingres:2006:9.0.1:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:ingres:ingres:2006:9.0.1:*:*:*:*:*:*
    • cpe:2.3:a:ingres:ingres:2006:9.0.4:*:*:*:*:*:*
    • cpe:2.3:a:ingres:ingres:2006:release_1:*:*:*:*:*:*
    • cpe:2.3:a:ingres:ingres:2006:release_2:*:*:*:*:*:*
    • cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*
    • (no CPE)range: 2.6, 2006 release 1 (aka 9.0.4), 2006 release 2 (aka 9.1.0)

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.