Sybase Adaptive Server Enterprise Declare Extension Remote Buffer Overflow Vulnerability
BID:13020
Info
Sybase Adaptive Server Enterprise Declare Extension Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 13020 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 22 2004 12:00AM |
| Updated: | Dec 22 2004 12:00AM |
| Credit: | Discovery is credited to Sherief Hammad of NGSSoftware. |
| Vulnerable: |
Sybase Adaptive Server Enterprise 12.5.3 Sybase Adaptive Server Enterprise 12.5.2 Sybase Adaptive Server Enterprise 12.5 Win Sybase Adaptive Server Enterprise 12.5 Sun Sybase Adaptive Server Enterprise 12.5 SGI Sybase Adaptive Server Enterprise 12.5 Linux Sybase Adaptive Server Enterprise 12.5 HP Sybase Adaptive Server Enterprise 12.5 Digital UNIX Sybase Adaptive Server Enterprise 12.0.1 Win Sybase Adaptive Server Enterprise 12.0.1 Sun Sybase Adaptive Server Enterprise 12.0.1 HP Sybase Adaptive Server Enterprise 12.0.1 Digital UNIX Sybase Adaptive Server Enterprise 12.0 Win Sybase Adaptive Server Enterprise 12.0 Sun Sybase Adaptive Server Enterprise 12.0 HP Sybase Adaptive Server Enterprise 12.0 Digital UNIX Sybase Adaptive Server Enterprise 12.0 .0.8 EDS#3 Sybase Adaptive Server Enterprise 11.9.2 Win Sybase Adaptive Server Enterprise 11.9.2 Sun Sybase Adaptive Server Enterprise 11.9.2 HP Sybase Adaptive Server Enterprise 11.9.2 Digital UNIX Sybase Adaptive Server Enterprise 11.5.1 Win Sybase Adaptive Server Enterprise 11.5.1 Sun Sybase Adaptive Server Enterprise 11.5.1 HP Sybase Adaptive Server Enterprise 11.5.1 Digital UNIX Sybase Adaptive Server Enterprise 11.5 Win Sybase Adaptive Server Enterprise 11.5 Sun Sybase Adaptive Server Enterprise 11.5 HP Sybase Adaptive Server Enterprise 11.5 Digital UNIX Sybase Adaptive Server Enterprise 11.0.3 .3Linux |
| Not Vulnerable: |
Sybase Adaptive Server Enterprise 12.5.3 ESD#1 |
Discussion
Sybase Adaptive Server Enterprise Declare Extension Remote Buffer Overflow Vulnerability
A remote buffer overflow vulnerability affects Sybase Adaptive Server Enterprise. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.
An attacker may exploit this issue to execute arbitrary code with the privileges of the affected application. This may facilitate unauthorized access or privilege escalation.
The issue outlined in this BID was previously presented in BID 12080 (Sybase Adaptive Server Enterprise Multiple Vulnerabilities) along with other issues; each issue is being assigned its own BID. This BID 12080 is being retired.
A remote buffer overflow vulnerability affects Sybase Adaptive Server Enterprise. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.
An attacker may exploit this issue to execute arbitrary code with the privileges of the affected application. This may facilitate unauthorized access or privilege escalation.
The issue outlined in this BID was previously presented in BID 12080 (Sybase Adaptive Server Enterprise Multiple Vulnerabilities) along with other issues; each issue is being assigned its own BID. This BID 12080 is being retired.
Exploit / POC
Sybase Adaptive Server Enterprise Declare Extension Remote Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Sybase Adaptive Server Enterprise Declare Extension Remote Buffer Overflow Vulnerability
Solution:
The vendor has released ASE 12.5.3 ESD#1 to address these issue.
Sybase Adaptive Server Enterprise 11.0.3 .3Linux
Sybase Adaptive Server Enterprise 11.5 Digital UNIX
Sybase Adaptive Server Enterprise 11.5 HP
Sybase Adaptive Server Enterprise 11.5 Sun
Sybase Adaptive Server Enterprise 11.5 Win
Sybase Adaptive Server Enterprise 11.5.1 Win
Sybase Adaptive Server Enterprise 11.5.1 Sun
Sybase Adaptive Server Enterprise 11.5.1 Digital UNIX
Sybase Adaptive Server Enterprise 11.5.1 HP
Sybase Adaptive Server Enterprise 11.9.2 Digital UNIX
Sybase Adaptive Server Enterprise 11.9.2 Sun
Sybase Adaptive Server Enterprise 11.9.2 HP
Sybase Adaptive Server Enterprise 11.9.2 Win
Sybase Adaptive Server Enterprise 12.0 Digital UNIX
Sybase Adaptive Server Enterprise 12.0 HP
Sybase Adaptive Server Enterprise 12.0 Sun
Sybase Adaptive Server Enterprise 12.0 Win
Sybase Adaptive Server Enterprise 12.0.1 Sun
Sybase Adaptive Server Enterprise 12.0.1 Digital UNIX
Sybase Adaptive Server Enterprise 12.0.1 HP
Sybase Adaptive Server Enterprise 12.0.1 Win
Sybase Adaptive Server Enterprise 12.5 Win
Sybase Adaptive Server Enterprise 12.5 HP
Sybase Adaptive Server Enterprise 12.5 Linux
Sybase Adaptive Server Enterprise 12.5 SGI
Sybase Adaptive Server Enterprise 12.5 Sun
Sybase Adaptive Server Enterprise 12.5 Digital UNIX
Sybase Adaptive Server Enterprise 12.5.2
Sybase Adaptive Server Enterprise 12.5.3
Solution:
The vendor has released ASE 12.5.3 ESD#1 to address these issue.
Sybase Adaptive Server Enterprise 11.0.3 .3Linux
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 11.5 Digital UNIX
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 11.5 HP
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 11.5 Sun
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 11.5 Win
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 11.5.1 Win
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 11.5.1 Sun
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 11.5.1 Digital UNIX
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 11.5.1 HP
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 11.9.2 Digital UNIX
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 11.9.2 Sun
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 11.9.2 HP
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 11.9.2 Win
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 12.0 Digital UNIX
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 12.0 HP
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 12.0 Sun
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 12.0 Win
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 12.0.1 Sun
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 12.0.1 Digital UNIX
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 12.0.1 HP
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 12.0.1 Win
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 12.5 Win
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 12.5 HP
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 12.5 Linux
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 12.5 SGI
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 12.5 Sun
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 12.5 Digital UNIX
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 12.5.2
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
Sybase Adaptive Server Enterprise 12.5.3
-
Sybase ASE 12.5.3 ESD#1
http://downloads.sybase.com/
References
Sybase Adaptive Server Enterprise Declare Extension Remote Buffer Overflow Vulnerability
References:
References:
- Adaptive Server Enterprise Product Homepage (Sybase)
- Sybase Homepage (Sybase)
- Urgent from Sybase: Security Alert for Adaptive Server Enterprise Installations (Sybase)
- Urgent from Sybase: Security Issues in ASE 12.5.3 and Earlier (Sybase)
- Sybase ASE 12.5.2 vulnerabilities (NGSSoftware Insight Security Research
- Sybase ASE Multiple Security Issues (#NISR05042005) (NGSSoftware Insight Security Research