Heap overflow in Sybase MobiLink

Type securityvulns
Reporter Securityvulns
Modified 2008-02-22T00:00:00


                         Luigi Auriemma

Application: Sybase MobiLink http://www.sybase.com/developer/mobile/sqlanywhere/mobilink Versions: <= Platforms: Windows and Linux/Unix Bug: heap overflow Exploitation: remote Date: 20 Feb 2008 Author: Luigi Auriemma e-mail: aluigi@autistici.org web: aluigi.org

1) Introduction 2) Bug 3) The Code 4) Fix

=============== 1) Introduction ===============

MobiLink is a centralized synchronization server for mobile platforms included in the Sybase SQL Anywhere package.

====== 2) Bug ======

The MobiLink server is affected by a heap overflow which happens during the handling of some strings like username, version and remote ID (all pre-auth) when have a lenght major than 128 bytes.

=========== 3) The Code ===========


====== 4) Fix ======

No fix

Luigi Auriemma http://aluigi.org