Reported November 26, 2002, by Application Security Inc.
VERSIONS AFFECTED
Sybase Adaptive Server 12.5 and 12.0
DESCRIPTION
Three new buffer-overrun vulnerabilities in Sybase’s Adaptive Server versions 12.5 and 12.0 can grant an attacker complete control over the vulnerable system. The first vulnerability involves a buffer overflow in the Database Consistency Checker (DBCC) CHECKVERIFY function. The second vulnerability involves a buffer overflow in the DROP DATABASE function. The third vulnerability is a buffer-overflow condition in the stored procedure “xp_freedll”. For more information about these vulnerabilities, see the discoverer’s Web site.
VENDOR RESPONSE
Sybase has released patches that address these vulnerabilities and recommends that affected users download the appropriate patch from the company's Web site.
CREDIT
Discovered by Application Security Inc.
Multiple Vulnerabilities in Sybase Adaptive Server 12.0 and 12.5