ID: OSVDB:15328 | Type: osvdb | Reporter: NGSSoftware Insight Security Research(nisr@nextgenss.com) | Modified: 2005-04-05T23:53:26
Description
Solution Description
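Upgrade to version 12.5.3 ESD #1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. The record below lists base version 12.5.3 as affected and the CVE entry describes the affected range as 12.x before 12.5.3 ESD#1, so confirm the installed ESD level rather than the version number alone.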
References:
Vendor URL: http://www.sybase.com/
Vendor Specific News/Changelog Entry: http://www.sybase.com/detail?id=1034752
Vendor Specific News/Changelog Entry: http://www.sybase.com/detail?id=1034520
Related OSVDB ID: 15326
Related OSVDB ID: 15199
Related OSVDB ID: 15198
Related OSVDB ID: 15327
Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0002.html
Keyword: Adaptive Server Enterprise
Keyword: #NISR05042005
CVE-2005-0441
{"enchantments": {"score": {"value": 7.6, "vector": "NONE", "modified": "2017-04-28T13:20:11", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0441"]}, {"type": "osvdb", "idList": ["OSVDB:15327", "OSVDB:15199", "OSVDB:15198", "OSVDB:15326"]}, {"type": "nessus", "idList": ["SYBASE_UNSPECIFIED_VULN.NASL"]}], "modified": "2017-04-28T13:20:11", "rev": 2}, "vulnersScore": 7.6}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Adaptive Server Enterprise", "operator": "eq", "version": "12.5.3"}], "references": [], "href": "https://vulners.com/osvdb/OSVDB:15328", "id": "OSVDB:15328", "title": "Sybase ASE abstract plan Syntax Overflow", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "lastseen": "2017-04-28T13:20:11", "edition": 1, "reporter": "NGSSoftware Insight Security Research(nisr@nextgenss.com)", "description": "## Solution Description\nUpgrade to version 12.5.3 ESD #1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.sybase.com/\nVendor Specific News/Changelog Entry: http://www.sybase.com/detail?id=1034752\nVendor Specific News/Changelog Entry: http://www.sybase.com/detail?id=1034520\n[Related OSVDB ID: 15326](https://vulners.com/osvdb/OSVDB:15326)\n[Related OSVDB ID: 15199](https://vulners.com/osvdb/OSVDB:15199)\n[Related OSVDB ID: 15198](https://vulners.com/osvdb/OSVDB:15198)\n[Related OSVDB ID: 15327](https://vulners.com/osvdb/OSVDB:15327)\nMail List Post: http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0002.html\nKeyword: Adaptive Server Enterprise\nKeyword: #NISR05042005\n[CVE-2005-0441](https://vulners.com/cve/CVE-2005-0441)\n", "modified": "2005-04-05T23:53:26", "viewCount": 2, "published": "2005-04-05T23:53:26", "cvelist": ["CVE-2005-0441"]}
{"cve": [{"lastseen": "2020-10-03T11:34:53", "description": "Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticated users to execute arbitrary code via the (1) attrib_valid function, (2) covert function, (3) declare statement, or (4) a crafted query plan, or remote authenticated users with database owner or \"sa\" role privileges to execute arbitrary code via (5) a crafted install java statement.", "edition": 3, "cvss3": {}, "published": "2004-12-22T05:00:00", "title": "CVE-2005-0441", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-0441"], "modified": "2017-07-11T01:32:00", "cpe": ["cpe:/a:sybase:adaptive_server_enterprise:11.5.1", "cpe:/a:sybase:adaptive_server_enterprise:12.0", "cpe:/a:sybase:adaptive_server_enterprise:12.0.1", "cpe:/a:sybase:adaptive_server_enterprise:12.5.2", "cpe:/a:sybase:adaptive_server_enterprise:12.5", "cpe:/a:sybase:adaptive_server_enterprise:11.03.3", "cpe:/a:sybase:adaptive_server_enterprise:11.9.2", "cpe:/a:sybase:adaptive_server_enterprise:11.5", "cpe:/a:sybase:adaptive_server_enterprise:12.5.3"], "id": "CVE-2005-0441", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0441", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:sybase:adaptive_server_enterprise:11.5.1:*:hp:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:11.9.2:*:hp:*:*:*:*:*", 
"cpe:2.3:a:sybase:adaptive_server_enterprise:12.0.1:*:win:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:11.5.1:*:digital_unix:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:11.9.2:*:digital_unix:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:12.5:*:sgi:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:12.5:*:hp:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:12.5:*:digital_unix:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:12.0:*:sun:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:11.5:*:hp:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:11.9.2:*:win:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:11.5:*:digital_unix:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:11.5:*:win:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:11.5:*:sun:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:12.0.1:*:hp:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:11.5.1:*:win:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:11.5.1:*:sun:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:12.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:12.0.1:*:sun:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:12.5:*:win:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:12.0.1:*:digital_unix:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:12.0:*:digital_unix:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:12.0:*:hp:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:12.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:11.03.3:*:linux:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:12.5:*:linux:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:12.0:*:win:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:12.5:*:sun:*:*:*:*:*", "cpe:2.3:a:sybase:adaptive_server_enterprise:11.9.2:*:sun:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:11", "bulletinFamily": "software", 
"cvelist": ["CVE-2005-0441"], "edition": 1, "description": "## Vulnerability Description\nA remote overflow exists in Sybase Adaptive Server Enterprise attrib_valid function. The function fails to check input during internal parsing resulting in a buffer overflow. With a specially crafted request, an attacker can execute the code of their choice in the security context of the Sybase database server process resulting in a loss of integrity.\n\nIn order for this condition to be exploited an authenticated connection to ASE must exist.\n## Solution Description\nUpgrade to version 12.5.3 ESD #1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA remote overflow exists in Sybase Adaptive Server Enterprise attrib_valid function. The function fails to check input during internal parsing resulting in a buffer overflow. With a specially crafted request, an attacker can execute the code of their choice in the security context of the Sybase database server process resulting in a loss of integrity.\n\nIn order for this condition to be exploited an authenticated connection to ASE must exist.\n## References:\nVendor URL: http://www.sybase.com/\nVendor Specific News/Changelog Entry: http://www.sybase.com/detail?id=1034752\nVendor Specific News/Changelog Entry: http://www.sybase.com/detail?id=1034520\n[Related OSVDB ID: 15326](https://vulners.com/osvdb/OSVDB:15326)\n[Related OSVDB ID: 15199](https://vulners.com/osvdb/OSVDB:15199)\n[Related OSVDB ID: 15327](https://vulners.com/osvdb/OSVDB:15327)\n[Related OSVDB ID: 15328](https://vulners.com/osvdb/OSVDB:15328)\nMail List Post: http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0002.html\nKeyword: Adaptive Server Enterprise\nKeyword: #NISR05042005\n[CVE-2005-0441](https://vulners.com/cve/CVE-2005-0441)\n", "modified": "2005-04-05T23:53:26", "published": "2005-04-05T23:53:26", "href": "https://vulners.com/osvdb/OSVDB:15198", "id": 
"OSVDB:15198", "title": "Sybase ASE attrib_valid Function Overflow", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:11", "bulletinFamily": "software", "cvelist": ["CVE-2005-0441"], "edition": 1, "description": "## Solution Description\nUpgrade to version 12.5.3 ESD #1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.sybase.com/\nVendor Specific News/Changelog Entry: http://www.sybase.com/detail?id=1034752\nVendor Specific News/Changelog Entry: http://www.sybase.com/detail?id=1034520\n[Related OSVDB ID: 15199](https://vulners.com/osvdb/OSVDB:15199)\n[Related OSVDB ID: 15198](https://vulners.com/osvdb/OSVDB:15198)\n[Related OSVDB ID: 15327](https://vulners.com/osvdb/OSVDB:15327)\n[Related OSVDB ID: 15328](https://vulners.com/osvdb/OSVDB:15328)\nMail List Post: http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0002.html\nKeyword: Adaptive Server Enterprise\nKeyword: #NISR05042005\n[CVE-2005-0441](https://vulners.com/cve/CVE-2005-0441)\n", "modified": "2005-04-05T23:53:26", "published": "2005-04-05T23:53:26", "href": "https://vulners.com/osvdb/OSVDB:15326", "id": "OSVDB:15326", "title": "Sybase ASE convert Function Overflow", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:11", "bulletinFamily": "software", "cvelist": ["CVE-2005-0441"], "edition": 1, "description": "## Solution Description\nUpgrade to version 12.5.3 ESD #1 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.sybase.com/\nVendor Specific News/Changelog Entry: http://www.sybase.com/detail?id=1034752\nVendor Specific News/Changelog Entry: http://www.sybase.com/detail?id=1034520\n[Related OSVDB ID: 15326](https://vulners.com/osvdb/OSVDB:15326)\n[Related OSVDB ID: 15199](https://vulners.com/osvdb/OSVDB:15199)\n[Related OSVDB ID: 15198](https://vulners.com/osvdb/OSVDB:15198)\n[Related OSVDB ID: 15328](https://vulners.com/osvdb/OSVDB:15328)\nMail List Post: http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0002.html\nKeyword: Adaptive Server Enterprise\nKeyword: #NISR05042005\n[CVE-2005-0441](https://vulners.com/cve/CVE-2005-0441)\n", "modified": "2005-04-05T23:53:26", "published": "2005-04-05T23:53:26", "href": "https://vulners.com/osvdb/OSVDB:15327", "id": "OSVDB:15327", "title": "Sybase ASE declare Statement Overflow", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:11", "bulletinFamily": "software", "cvelist": ["CVE-2005-0441"], "edition": 1, "description": "## Vulnerability Description\nASE XP Server contains a flaw that may allow a remote denial of service. The issue is triggered when a user connects to the network service of the ASE XP Server, and will result in loss of availability for the platform.\n## Solution Description\nUpgrade to version ASE 12.5.3 ESD#1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nASE XP Server contains a flaw that may allow a remote denial of service. 
The issue is triggered when a user connects to the network service of the ASE XP Server, and will result in loss of availability for the platform.\n## References:\nVendor URL: http://www.sybase.com/\nVendor Specific News/Changelog Entry: http://www.sybase.com/detail?id=1034752\nVendor Specific News/Changelog Entry: http://www.sybase.com/detail?id=1034520\n[Secunia Advisory ID:13632](https://secuniaresearch.flexerasoftware.com/advisories/13632/)\n[Related OSVDB ID: 15198](https://vulners.com/osvdb/OSVDB:15198)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0315.html\nMail List Post: http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0002.html\nKeyword: Adaptive Server Enterprise\nKeyword: #NISR05042005\nISS X-Force ID: 19354\n[CVE-2005-0441](https://vulners.com/cve/CVE-2005-0441)\nBugtraq ID: 12080\n", "modified": "2005-04-05T23:53:26", "published": "2005-04-05T23:53:26", "href": "https://vulners.com/osvdb/OSVDB:15199", "id": "OSVDB:15199", "title": "Sybase ASE xp_server Malformed Data DoS", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-01T06:33:33", "description": "The remote host is running Sybase Adaptive Server Enterprise, a SQL\nserver with network capabilities.\n\nThe remote version of this software is earlier than 12.5.4.0. 
Such\nversions are affected by several unspecified security flaws.", "edition": 24, "published": "2005-02-21T00:00:00", "title": "Sybase Adaptive Server Enterprise < 12.5.4.0 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0441"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:sybase:adaptive_server_enterprise", "cpe:/a:sybase:adaptive_server"], "id": "SYBASE_UNSPECIFIED_VULN.NASL", "href": "https://www.tenable.com/plugins/nessus/17163", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17163);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n script_cve_id(\"CVE-2005-0441\");\n script_bugtraq_id(13020, 13015, 13014, 13013, 13012, 13009, 12562);\n\n script_name(english:\"Sybase Adaptive Server Enterprise < 12.5.4.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of the remote Sybase server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database service is affected by unspecified\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Sybase Adaptive Server Enterprise, a SQL\nserver with network capabilities.\n\nThe remote version of this software is earlier than 12.5.4.0. 
Such\nversions are affected by several unspecified security flaws.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/385198\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to version 12.5.4.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/02/21\");\n\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:sybase:adaptive_server_enterprise\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:sybase:adaptive_server\");\nscript_end_attributes();\n\n\n script_category(ACT_ATTACK);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Databases\");\n script_dependencies(\"sybase_blank_password.nasl\", \"smb_hotfixes.nasl\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"smb_func.inc\");\ninclude(\"audit.inc\");\n\n#\n# The script code starts here\n#\n\n\nversion = get_kb_item(\"sybase/version\");\nif ( ! version )\n{\n if ( ! get_kb_item(\"SMB/full_registry_access\") ) exit(0);\n\n port = get_kb_item(\"SMB/transport\");\n if(!port)port = 139;\n\n name\t= kb_smb_name(); \tif(!name)exit(0);\n login\t= kb_smb_login();\n pass\t= kb_smb_password();\n domain = kb_smb_domain();\n port\t= kb_smb_transport();\n\n\n\n if(! 
smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');\n r = NetUseAdd(login:login, password:pass, domain:domain, share:\"IPC$\");\n if ( r != 1 ) exit(0);\n\n hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);\n if ( isnull(hklm) )\n {\n NetUseDel();\n exit(0);\n }\n\n\n key = \"SOFTWARE\\SYBASE\\SQLServer\";\n item = \"CurrentVersion\";\n\n key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);\n if ( ! isnull(key_h) )\n {\n value = RegQueryValue(handle:key_h, item:item);\n\n if (!isnull (value))\n version = value[1];\n\n RegCloseKey (handle:key_h);\n }\n\n\n RegCloseKey (handle:hklm);\n NetUseDel ();\n}\n\nif ( version && ereg(pattern:\"([0-9]\\.|11\\.|12\\.[0-4]\\.|12\\.5\\.[0-3]\\.)\", string:version) )\n\tsecurity_hole(get_kb_item(\"Services/sybase\"));\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}