Sybase SQL Anywhere Overflows

2003-12-11T00:00:00
ID OSVDB:3039
Type osvdb
Reporter OSVDB
Modified 2003-12-11T00:00:00

Description

Vulnerability Description

Multiple remote overflow vulnerabilities exist in Sybase SQL Anywhere 9.0.0. The server fails to perform bounds checking in multiple functions, resulting in multiple types of overflow. With a specially crafted request, an attacker can cause arbitrary code to be executed, resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Upgrade to version 9.0.0 build 1250 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.sybase.com/products/anywhere
Vendor Specific Solution URL: http://downloads.sybase.com/swd/swx/sdsummary.stm?baseprodName=SQL+Anywhere+Studio&baseprod=144&client=swx&previewObj=4&timeframeObj=6
Secunia Advisory ID: 10408
Related OSVDB ID: 2956
Related OSVDB ID: 3047
Other Advisory URL: http://www.nextgenss.com/advisories/sybase.txt
ISS X-Force ID: 13950