Twenty Year Anniversary
CAID-Ingres.txt
Authored by
Various CA products that embed Ingres products contain multiple vulnerabilities that can allow an attacker to potentially execute arbitrary code.
advisories | , , ,
MD5 | edaf627e739
Share This
CAID-Ingres.txt
Title: [CAID 3, 3]: CA Products That Embed Ingres Multiple VulnerabilitiesCA Vuln ID (CAID): 3, 3CA Advisory Date: Reported By: NGSSoftware, and iDefenseImpact: Attackers can potentially execute arbitrary code, or overwrite files.Summary: Various CA products that embed Ingres products contain multiple vulnerabilities that can allow an attacker to potentially execute arbitrary code. CA has issued fixes, to address all of these vulnerabilities, for all supported CA products that may be affected.1) Ingres controllable pointer overwrite vulnerability (reported by NGSSoftware) [Ingres bug 115927, CVE-, CAID 35450]Description: An unauthenticated attacker can potentially execute arbitrary code within the context of the database server.2) Ingres remote unauthenticated pointer overwrite #2 (reported by NGSSoftware) [Ingres bug 115927, CVE-, CAID 35450]Description: An unauthenticated attacker can exploit a pointer overwrite vulnerability to execute arbitrary code within the context of the database server.3) Ingres wakeup file overwrite (reported by NGSSoftware) [Ingres bug 115913, CVE-, CAID 35451]Description: The &wakeup& binary creates a file named &alarmwkp.def& in the current directory, truncating the file if it already exists. The &wakeup& binary is setuid &ingres& and world-executable. Consequently, an attacker can truncate a file with the privileges of the &ingres& user.4) Ingres uuid_from_char stack overflow (reported by NGSSoftware) [Ingres bug 115911, CVE-, CAID 35452]Description: An attacker can pass a long string as an argument to uuid_from_char() to cause a stack buffer overflow and the saved returned address can be overwritten.5) Ingres verifydb local stack overflow (reported by NGSSoftware) [Ingres bug 115911, CVE-, CAID 35452]Description: A local attacker can exploit a stack overflow in the Ingres verifydb utility duve_get_args function.6) Communication server heap corruption (reported by iDefense) [Ingres bug 117523, CVE-, CAID 35453]Description: An attacker can execute arbitrary code within the context of the communications server (iigcc.exe). This only affects Ingres on the Windows operating system. Reported by iDefense as IDEF2023.7) Data Access/JDBC server heap corruption (reported by iDefense) [Ingres bug 117523, CVE-, CAID 35453]Description: An attacker can execute arbitrary code within the context of the Data Access server (iigcd.exe) in r3 or the JDCB server in older releases. This only affects Ingres on the Windows operating system. Reported by iDefense as IDEF2022.Mitigating Factors: NoneSeverity: CA has given these vulnerabilities a cumulative High risk rating.Affected Products:Advantage Data Transformer r2.2AllFusion Enterprise Workbench r1.1, 1.1 SP1, r7, r7.1AllFusion Harvest Change Manager r7, r7.1BrightStor ARCserve Backup v9 (Linux only), r11.1, r11.5 (Unix,
Linux and Mainframe Linux)BrightStor ARCserve Backup for Laptops and Desktops r11.5BrightStor Enterprise Backup (Unix only) r10.5BrightStor Storage Command Center r11.5BrightStor Storage Resource Manager r11.5CleverPath Aion Business Rules Expert r10.1CleverPath Aion Business Process Monitoring r10.1CleverPath Predictive Analysis Server r3DocServer 1.1eTrust Admin v8, v8.1, r8.1 SP1, r8.1 SP2eTrust Audit r8 SP2eTrust Directory r8.1eTrust IAM Suite r8.0eTrust IAM Toolkit r8.0, r8.1eTrust Identity Manager r8.1eTrust Network Forensics r8.1eTrust Secure Content Manager r8eTrust Single Sign-On r7, r8, r8.1eTrust Web Access Control 1.0Unicenter Advanced Systems Management r11Unicenter Asset Intelligence r11Unicenter Asset Management r11Unicenter Asset Portfolio Management r11.2.1, r11.3Unicenter CCS r11Unicenter Database Command Center r11.1Unicenter Desktop and Server Management r11Unicenter Desktop Management Suite r11Unicenter Enterprise Job Manager r1 SP3, r1 SP4Unicenter Job Management Option r11Unicenter Lightweight Portal 2Unicenter Management Portal r3.1.1Unicenter Network and Systems Management r3.0, r11Unicenter Network and Systems Management - Tiered - Multi Platform
r3.0 0305, r3.1 0403, r11.0Unicenter Patch Management r11Unicenter Remote Control 6, r11Unicenter Service Accounting r11, r11.1Unicenter Service Assure r2.2, r11, r11.1Unicenter Service Catalog r11, r11.1Unicenter Service Delivery r11.0, r11.1Unicenter Service Intelligence r11Unicenter Service Metric Analysis r3.0.2, r3.5, r11, r11.1Unicenter ServicePlus Service Desk 5.5 SP3, 6.0, 6.0 SP1, r11,
r11.1, r11.2Unicenter Software Delivery r11Unicenter TNG 2.4, 2.4.2, 2.4.2JUnicenter Workload Control Center r1 SP3, r1 SP4Unicenter Web Services Distributed Management 3.11, 3.50Wily SOA Manager 7.1Affected Platforms:All operating system platforms supported by the various CA products that embed Ingres. This includes Windows, Linux, and supported UNIX platforms.Status and Recommendation:CA recommends that customers apply the appropriate fix(es) listed on the Security Notice page: http://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.aspWorkaround: NoneReferences (URLs may wrap):CA SupportConnect:http://supportconnect.ca.com/CA SupportConnect Security Notice for these vulnerabilities:Ingres Security Alerthttp://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.aspImportant Security Notice for Customers Using Products That Embed Ingreshttp://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.aspCA Security Advisor posting: CA Products That Embed Ingres Multiple Vulnerabilitieshttp://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778CA Vuln ID (CAID): 3, 3http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35450http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35451http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35452http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35453Ingres knowledge base document:http://servicedesk.ingres.com/CAisd/pdmweb.ingres?OP=SHOW_DETAIL+PERSID=KD:415738+HTMPL=kt_document_view.htmplReported By: NGSSoftware, and iDefenseNGSSoftware Advisory: http://www.ngssoftware.com/research/advisories/iDefense Advisory: Ingres Database Multiple Heap Corruption Vulnerabilitieshttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=546CVE References:CVE-, CVE-, CVE-, CVE-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-OSVDB References: Pendinghttp://osvdb.org/Changelog for this advisory:v1.0 - Initial ReleaseCustomers who require additional information should contact CATechnical Support at http://supportconnect.ca.com.For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.If you discover a vulnerability in CA products, please report yourfindings to vuln AT ca DOT com, or utilize our &Submit a Vulnerability& form. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspxRegards,Ken W 0xE2941985Director, CA Vulnerability ResearchCA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/Legal Notice http://www.ca.com/us/legal/Privacy Policy http://www.ca.com/us/privacy/Copyright (c) 2007 CA. All rights reserved.
Want To Donate?Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU
File Archive:July 2018
&SuMoTuWeThFrSa
1 Files26 Files15 Files11 Files13 Files4 Files4 Files
1 Files16 Files15 Files21 Files0 Files0 Files0 Files
0 Files0 Files0 Files0 Files0 Files0 Files0 Files
0 Files0 Files0 Files0 Files0 Files0 Files0 Files
0 Files0 Files0 Files
Top Authors In Last 30 Days
File ArchivesSystems (409) (1,563) (336) (1,814) (5,548) (1,682) (1,196) (3,586) (865) (175) (103) (219) (66) (33,701) (653) (3,105) (255) (456) (6,629) (834) (1,569) (1,444) (5,707) (8,302) (172) (5,351)
& 2018 Packet Storm. All rights reserved.
Site Links
Hosting By 上传我的文档
 上传文档
 下载
 收藏
该文档贡献者很忙，什么也没留下。
 下载此文档
正在努力加载中...
web技术在caid系统中的应用研究
下载积分：2000
内容提示：web技术在caid系统中的应用研究
文档格式：PDF|
浏览次数：0|
上传日期： 10:33:32|
文档星级：
全文阅读已结束，如果下载本文需要使用
 2000 积分
下载此文档
该用户还上传了这些文档
web技术在caid系统中的应用研究
关注微信公众号CAID（计算机辅助工业设计）的积极影响？_百度知道
CAID（计算机辅助工业设计）的积极影响？
我有更好的答案
计算机辅助工业设计(CAID)是采用计算机进行设计的CAD(Computer Aided Design)的一种，特别是指能够进行包含设计的系统。普通的CAD工具主要是用来进行制作产品内部零部件设计图的制图等,而CAID工具主要着眼点开发设计全体的形状和外观。它装载了面向工业设计的建模功能，以及绘制完整图象的功能等。CAID是指以计算机硬件、软件、信息存储、通讯协议、周边设备和互连网等为技术手段，以信息科学为理论基础，包括信息离散化表述、扫描、处理、存储、传递、传感、物化、支持、集成和联网等领域的科学技术集合。 　　CAID，即在计算机技术和工业设计相结合形成的系统支持下，进行工业设计领域内的各种创造性活动。与传统的工业设计相比，CAID在设计方法、设计过程、设计质量和设计效率等各方面都发生了质的变化，它涉及了CAD技术、人工智能技术、多媒体技术、虚拟现实技术、敏捷制造、优化技术、模糊技术、人机工程等许多信息技术领域，是一门综合的交叉性学科。 　　CAID以工业设计知识为主体，以计算机和网络等信息技术为辅助工具，实现产品形态、色彩、宜人性设计和美学原则的量化描述，从而设计出更加实用、经济、美观、宜人和创新的新产品，满足不同层次人们的需求。CAID的工程思想 　　CAID系统是按照系统工程的思想，以工业设计理论和方法为指导的智能型创新性的产品开发设计系统。首先是利用各种信息，在CAID系统平台里利用真实感造型设计系统进行形态设计、色彩设计、材质设计和人机设计等方面的语义设计，然后在数字装配系统中实现数字化装配，在综合评价系统中进行美学、语义学等方面的分析评价，提出产品造型方案。最后将最终方案输出到加工设备，加工出产品，投放到市场，之后再收集有关信息，反馈到CAID平台，实现再设计。这种方法利用网络和其它平台相连接，使设计人员从一开始就考虑到产品生命周期的所有环节，把设计、制作、使用等方面合理组织起来，及时解决不同环节之间的冲突，充分调动了所有人的积极性和创造性。 　　计算机被普遍应用于工业设计之中,CAD成为工业设计不可缺少的手段。当前,世界上大型的CAD/CAM/CAE软件系统如Pro/Engineer、EDS UnigraPhics、EUCLID、Autodesk、Solidworks等都提供了有关产品早期设计的系统模块,它们称之为工业设计模块、概念设计模块或草图设计模块。 　　 Pro/Engineer Pro/Engineer包含一个工业设计模块Pro/Design,用于支持自上而下的投影设计,以及在复杂产品的设计中所包含的许多复杂任务的自动设计。此模块工具包括用于产品设计的二维非参数化装配布局编辑器、用于概念分析的二维参数模型的布局以及用于组件的三维布局编辑器。 　　 EDS Unigraphics EDS Unigraphics从V13版本后推出了概念设计WAVE(Whatif Alternative Value Engineering)技术,它为协同概念设计提供了强大的技术支持,使不同部门的工程师在设计的早期阶段就可以站在系统工程的角度,同时针对多种可选的设(Associative Control Structure)中去,可使设计师十分有效地控制各种设计变更。此外,WAVE也支持&概念设计到详细设计工程&(Conceptto Detail Engineering),即先作出设计决策 ,然后设计细节。研究机构 　　Internet Intranet环境下的工业设计系统的研究，国内还主要在一些高校和科研院所进行。香港大学机械系在Internet上构建了一个基于Web的远程设计系统,用于花瓶的造型设计，西安交通大学CIMS研究所构建了一个远程协同工作原型系统,解决远程设计用户共享设计工具的问题,它可以通过Internet让远程用户使用研究所的Solidwork、ProE、MDT等专业设计平台。四川大学CAD/CAM研究所构建了凸轮远程协同设计系统,让用户能够通过Internet对凸轮运动机构的轮廓面进行设计,此系统发布在四川大学制造学院的网站上。但这些系统距离实用化都还有一定的距离。信息分类 　　CAID系统中的信息可以分为数字信息和非数字信息两大类。数字信息都是可以交换的，而非数字信息是暂时不能交换。其中的数字信息有：产品造型的尺寸结构、色彩、材料、人机标准尺度、符合规范的标准化设计等，多数涉及产品或人的生理和物理属性。而其中的非数字信息有：对美感的评价、产品的创意、色彩或形式带来的心理反应等，多数涉及人的心理属性，是复杂多变的。数字信息是非数字信息的一种表现，是容易用数据表示并用计算机来描述的，而非数字信息目前只起到辅助的作用，按照工业设计以人为本、强调创意、张扬个性的发展趋势来看，非数字信息应该是CAID系统的基础，因此目前的CAID还存在技术上的局限性，在对CAID的研究中有望发展智能型的专家系统，帮助人们进行创意型设计，使非数字信息不断数字化，这样在未来的设计中可以实现设计者与使用者的互动，或者完全实现设计的DIY。
采纳率：82%
为您推荐：
其他类似问题
您可能关注的内容
工业设计的相关知识
换一换
回答问题，赢新手礼包
个人、企业类
违法有害信息,请在下方选择后提交
色情、暴力
我们会通过消息、邮箱等方式尽快将举报结果通知您。Clicks 189 0Comment
We developing good CAM Postprocessor for CNC programming. Most people know good POST good program...
Clicks 125 0Comment
This Quick Start Guide will cover the basic workflow and functions used in the Geomagic Studio pr...
Clicks 60 0Comment
Save Copy of Current File Before performing the next step perform a Save As on the file. This wil...
Clicks 158 0Comment
Noise Reduction - Preview Data Frequently, during the scanning process, an element of noise is in...
Clicks 165 0Comment
Reviewing the Data Before you start working on an object, you need to know what this object looks...
Clicks 159 0Comment
After a NURBS surface project is complete,the model can enter a CAD phase where surface trinmming...
Clicks 201 0Comment
If you know the exact steps you would take to create a NURBS surface based on a similar model,the...
Clicks 122 0Comment
The first step in constructing a surface is Curvature Detection. Curvature Detection Creates a se...
Clicks 194 0Comment
Geomagic Shape provides you with several methods for organizing patch layouts.Panel Shurrling is ...
Clicks 114 0Comment
One of the most flexible tools to correct problem areas or to remove unwanted geometry is the Def...
Clicks 122 0Comment
Repairing holes in polygon data is a common function and one of the strengths of Geomagic.you can...
Clicks 176 0Comment
The first steps in working point cloud data from scanners are often the reduction of noise in the...
Clicks 84 0Comment
After registration is completethe Merge command can be used to perform seversl functions simultan...
Clicks 198 0Comment
Manual Registartion can be performed on any 3D sacn files,allowing either points or polygon data ...
Clicks 156 0Comment
This new tool allows the user to choose between selecting all triangles in the selected area or o...
Clicks 191 0Comment
TheBackground Grid is a visualization tool that provides the user with a way to view the size and...Caidwell.com
READY FOR DEVELOPMENT
If you're interested in this domain, contact us to check availability for ownership, customer use, partnership or other development opportunities.
First Name:
Last Name:
Confirm Email:
Check Availability
By continuing you agree to our
We respect your privacy and will keep your personal info confidential.
Limited Budget? Contact us to see if this domain is available with one of our monthly .
Looking for another name? We maintain a portfolio of premium brandable domain names for customer use, ownership, and brand creation. .
Choose Domain Only, Web Packages, or Other Services
Domain Only
If you already have your own web development team, we can help you find a domain that's perfect for your project, whether it's opportunities with this domain or another premium domain.
Contact us to help with your domain search.
The e-Inclusive Package
A complete solution for getting your new online business started.
Domain Name
Developed Website
Enterprise Email
Web Hosting
Other Services
We offer various Web Solutions, whether you want a Complete Web Package or the Domain Only.
Domain Registrations