Unix Technical Forum

[Info-Ingres] Ingres Security Alert/NGSS/iDefense

04-20-2008, 09:56 PM
Paul White

Hello all,

Ingres Corp have sent this notice to VIP registered customers and
partners.
The patch information is available for supported clients via Service
Desk.
Note this also affects products with embedded Ingres.

For more info look at
http://www.ingres.com/support/security.php

Also check these links:

http://www.ngssoftware.com/research/advisories/

http://labs.idefense.com/intelligenc...lay.php?id=546

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ingres

http://supportconnectw.ca.com/public...vuln_letter.asp

I highly recommend joining the VIP program in order to keep in touch
with the latest Ingres developments. There are some great online
seminars. Check out http://www.ingres.com/customers/vip-program.php


Paul


---------------------------------------
COMMUNICATION CONTENT
June 21, 2007

Dear Valued Ingres Customer:

Information security is of utmost priority to Ingres. A number of
vulnerabilities have recently been identified in Ingres 2006 (version
9.0.4), Ingres r3, Ingres 2.6 and Ingres 2.5. We have given these
vulnerabilities a security threat level of High, and recommend that the
available security patches be applied immediately.

Fixes are available for the current release of Ingres (Ingres 2006), for
Ingres r3 on Windows, Linux, Solaris, AIX and HP and for Ingres 2.5 and
2.6 versions on their respective platforms. The security fixes are
available and can be quickly applied with little to no anticipated
impact to systems.

Ingres customers with a current support contract can review the
following knowledge base document for information on downloading the
available fixes:
http://servicedesk.ingres.com/CAisd/...DETAIL+PERSID=KD:415738+HTMPL=kt_document_view.htmpl.

CA customers using Ingres r3 with a current CA support contract can
download fixes from CA Support Connect from the MDB home page:
http://supportconnect.ca.com/.

We would like to thank Chris Anley (chris@ngssoftware.com), Director and
Founder of NGSSoftware, Ltd., for bringing the following vulnerabilities
to our attention.

Ingres controllable pointer overwrite vulnerability - bug 115927
Description: An unauthenticated attacker can potentially execute
arbitrary code within the context of the database server.

Ingres remote unauthenticated pointer overwrite 2 - bug 115927
Description: An unauthenticated attacker can exploit a pointer
overwrite vulnerability to execute arbitrary code within the context of
the database server.

Ingres wakeup file overwrite - bug 115913
Description: The "wakeup" binary creates a file named "alarmwkp.def" in
the current directory, truncating the file if it already exists. The
"wakeup" binary is setuid "ingres" and world-executable. Consequently,
an attacker can truncate a file with the privileges of the "ingres"
user.

Ingres uuid_from_char stack overflow - bug 115911
Description: An attacker can pass a long string as an argument to
uuid_from_char() to cause a stack buffer overflow and the saved return
address can be overwritten.

Ingres verifydb local stack overflow - bug 115911
Description: A local attacker can exploit a stack overflow in the
Ingres verifydb utility duve_get_args function.

We would like to additionally thank iDefense Labs for bringing the
following vulnerabilities to our attention.

Communication server heap corruption - bug 117523
Description: An attacker can execute arbitrary code within the context
of the communications server (iigcc.exe). This only affects Ingres on
the Windows operating system. Reported by iDefense as IDEF2023.

Data Access/JDBC server heap corruption - bug 117523
Description: An attacker can execute arbitrary code within the context
of the Data Access server (iigcd.exe) in r3 or the JDBC server in older
releases. This only affects Ingres on the Windows operating system.
Reported by iDefense as IDEF2022.

For more information about Ingres security alerts and to register to
proactively receive these alerts via email, please send an email to:
ingressvnotification-request@lists.ingres.com.


Regards,


Bill Maimone
Senior Vice President, Engineering
Ingres Corporation
---------------------------------------
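The uuid_from_char item in the advisory above describes the classic shape of a stack buffer overflow: an over-long string argument is copied into a fixed-size stack buffer before its length has been checked, so the copy runs past the buffer into the saved return address. The C code below is an added illustration of that vulnerability class and of the defensive pattern that closes it. It is not Ingres code and does not reproduce the affected function; the function names, the assumption that the input is the 36-character 8-4-4-4-12 textual UUID form, and the sample value are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UUID_TEXT_LEN 36  /* 8-4-4-4-12 hex digits plus four '-' separators */

/* Returns 0-15 for a hex digit, -1 for anything else. */
static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decodes the 36-character textual form into 16 bytes. The caller must
 * already have established that s holds exactly UUID_TEXT_LEN characters;
 * this routine only checks the layout (separator positions, hex digits)
 * and never reads beyond index UUID_TEXT_LEN - 1. */
static int decode_uuid_text(const char *s, uint8_t out[16]) {
    size_t i = 0, n = 0;
    while (i < UUID_TEXT_LEN) {
        if (i == 8 || i == 13 || i == 18 || i == 23) {
            if (s[i] != '-') return -1;   /* separator expected here */
            i++;
            continue;
        }
        int hi = hexval(s[i]), lo = hexval(s[i + 1]);
        if (hi < 0 || lo < 0) return -1;  /* non-hex character */
        out[n++] = (uint8_t)((hi << 4) | lo);
        i += 2;
    }
    return 0;
}

/* Vulnerable pattern (hypothetical, shown only for contrast; never call it):
 * the untrusted string is copied into a fixed stack buffer before its length
 * is known. An argument longer than 36 characters overwrites whatever lies
 * above `tmp` on the stack, which is how a long argument reaches the saved
 * return address. */
static int uuid_from_text_unsafe(const char *s, uint8_t out[16]) {
    char tmp[UUID_TEXT_LEN + 1];
    strcpy(tmp, s);                        /* no bound: stack overflow */
    return decode_uuid_text(tmp, out);
}

/* Hardened version: establish the length first, with a scan that itself is
 * bounded, and reject anything that is not exactly 36 characters. No copy
 * into a stack buffer is needed at all; decoding reads the caller's string
 * in place. Returns 0 on success, -1 on any rejection. */
int uuid_from_text(const char *s, uint8_t out[16]) {
    if (s == NULL) return -1;
    size_t n = 0;
    while (n <= UUID_TEXT_LEN && s[n] != '\0') n++;   /* looks at most 37 bytes */
    if (n != UUID_TEXT_LEN) return -1;                /* too short or too long */
    return decode_uuid_text(s, out);
}

int main(void) {
    uint8_t id[16];
    const char *sample = "123e4567-e89b-12d3-a456-426614174000"; /* constructed */
    if (uuid_from_text(sample, id) == 0)
        printf("parsed: first byte %02x, last byte %02x\n", id[0], id[15]);

    /* A 200-character argument is rejected instead of smashing the stack. */
    char longarg[201];
    memset(longarg, 'a', 200);
    longarg[200] = '\0';
    printf("long input -> %d\n", uuid_from_text(longarg, id));
    (void)uuid_from_text_unsafe;  /* referenced only so the contrast compiles */
    return 0;
}
```

The point of the hardened function is ordering: the length check runs before any byte is written anywhere, and the check itself cannot be driven past a fixed limit by a missing terminator. Converting the input in place also removes the temporary buffer entirely, so there is nothing left for an over-long argument to overflow.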
