unixODBC 'SQLDriverConnect()' 'FILEDSN' and 'DRIVER' Options Buffer Overflow Vulnerabilities
BID:53712
Info
unixODBC 'SQLDriverConnect()' 'FILEDSN' and 'DRIVER' Options Buffer Overflow Vulnerabilities
| Bugtraq ID: | 53712 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2012-2657 |
| Remote: | Yes |
| Local: | No |
| Published: | May 29 2012 12:00AM |
| Updated: | Aug 31 2012 10:40PM |
| Credit: | Felipe Pena |
| Vulnerable: |
unixODBC Project unixODBC 2.3.1 unixODBC Project unixODBC 2.3.0 unixODBC Project unixODBC 2.0.10 |
| Not Vulnerable: | |
Discussion
unixODBC 'SQLDriverConnect()' 'FILEDSN' and 'DRIVER' Options Buffer Overflow Vulnerabilities
unixODBC is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer.
Successfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely cause a denial of service.
unixODBC is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer.
Successfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely cause a denial of service.
Exploit / POC
unixODBC 'SQLDriverConnect()' 'FILEDSN' and 'DRIVER' Options Buffer Overflow Vulnerabilities
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
unixODBC 'SQLDriverConnect()' 'FILEDSN' and 'DRIVER' Options Buffer Overflow Vulnerabilities
Solution:
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
unixODBC 'SQLDriverConnect()' 'FILEDSN' and 'DRIVER' Options Buffer Overflow Vulnerabilities
References:
References:
- CVE id request: Multiple buffer overflow in unixODBC (Felipe Pena )
- unixODBC Project Homepage (unixODBC Project)