Heap overflow in Sybase MobiLink 10.0.1.3629

2008-02-22T00:00:00
ID SECURITYVULNS:DOC:19245
Type securityvulns
Reporter Securityvulns
Modified 2008-02-22T00:00:00

Description

                         Luigi Auriemma

Application: Sybase MobiLink http://www.sybase.com/developer/mobile/sqlanywhere/mobilink Versions: <= 10.0.1.3629 Platforms: Windows and Linux/Unix Bug: heap overflow Exploitation: remote Date: 20 Feb 2008 Author: Luigi Auriemma e-mail: aluigi@autistici.org web: aluigi.org

1) Introduction 2) Bug 3) The Code 4) Fix

=============== 1) Introduction ===============

MobiLink is a centralized synchronization server for mobile platforms included in the Sybase SQL Anywhere package.

====== 2) Bug ======

The MobiLink server is affected by a heap overflow which happens during the handling of some strings like username, version and remote ID (all pre-auth) when have a lenght major than 128 bytes.

=========== 3) The Code ===========

http://aluigi.org/poc/mobilinkhof.zip

====== 4) Fix ======

No fix


Luigi Auriemma http://aluigi.org