exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Rapid7 Security Advisory 16

Rapid7 Security Advisory 16
Posted Nov 25, 2003
Authored by Rapid7 | Site rapid7.com

Rapid7 Security Advisory - Sybase Adaptive Server Enterprise (ASE) 12.5 is susceptible to a denial of service attack when a login is made with an invalid remote password array. A valid login is required to exploit this vulnerability. Version 11.0.3.3 for Linux is not vulnerable.

tags | advisory, remote, denial of service
systems | linux
SHA-256 | ce1334b583816398c0865c95b48954c24802309142977d252ef92a816628f0f9

Rapid7 Security Advisory 16

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________
Rapid7, Inc. Security Advisory
Visit http://www.rapid7.com/ to download NeXpose,
the world's most advanced vulnerability scanner.
Linux and Windows 2000/XP versions are available now!
_______________________________________________________________________

Rapid7 Advisory R7-0016
Sybase ASE 12.5 Remote Password Array Denial of Service

Published: November 20, 2003
Revision: 1.0
http://www.rapid7.com/advisories/R7-0016.html

CVE: CAN-2003-0327

1. Affected system(s):

KNOWN VULNERABLE:
o Sybase 12.5 ASE for Windows
o Sybase 12.5 ASE for Linux

Apparently NOT VULNERABLE:
o Sybase 11.0.3.3 for Linux

2. Summary

Sybase Adaptive Server Enterprise (ASE) 12.5 is susceptible to a
denial of service attack when a login is made with an invalid
remote password array. A valid login is required to exploit
this vulnerability.

3. Vendor status and information

Sybase
http://www.sybase.com

The vendor has been notified and has released an ESD
(Electronic Software Distribution) which fixes this issue.

4. Solution

Upgrade to Sybase ASE 12.5 ESD#2 or higher.

5. Detailed analysis

Connecting to Sybase Adaptive Server Enterprise (ASE) 12.5 with
a valid login (correct user ID and password) and an invalid remote
password array causes an access violation on the server, resulting
in a denial of service in the child thread or process. On
Windows, which spawns threads for each client, the server will
stop responding to all commands, including new login requests.
On systems such as Linux, which spawns new child processes for each
client, other clients do not appear to be affected. However, an
attacker could cause an effective DoS on new clients by rapidly
exploiting new child processes as they are launched, denying other
clients the ability to log in.

The remote password array is included in the TDS LOGINREC structure
and is of the format:

byte first server name length
byte[ ] first server name
byte first password length
byte[ ] first password
byte next server name length
...
byte total length of remote password array

By specifying invalid lengths, a heap overflow can be triggered.
We believe the possibility of arbitrary remote code execution is
unlikely in this case, but the possibility has not been ruled out.

6. Contact Information

Rapid7 Security Advisories
Email: advisory@rapid7.com
Web: http://www.rapid7.com/
Phone: +1 (212) 558-8700

7. Disclaimer and Copyright

Rapid7, Inc. is not responsible for the misuse of the information
provided in our security advisories. These advisories are a service
to the professional security community. There are NO WARRANTIES
with regard to this information. Any application or distribution of
this information constitutes acceptance AS IS, at the user's own
risk. This information is subject to change without notice.

This advisory Copyright (C) 2003 Rapid7, Inc. Permission is
hereby granted to redistribute this advisory, providing that no
changes are made and that the copyright notices and disclaimers
remain intact.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBP70cAST52JC2U8wAEQJu0wCfQCHHebZ7b/fkc4hNa3fxwdqL3nwAmwV9
9b9JHX335UP2Qdr7RGM4btIp
=ANiV
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close