Stack-Based Buffer Overflow in Sybase EAServer 4.2.5 to 5.2
-----------------------------------------------------------

Release Date: July 15 2005
Severity: Medium

A vulnerability has been discovered in Sybase EAServer. If exploited,
this can result in
user-specified code being executed under the security context of the
jagsrv.exe process.  To complete this attack, you must be authenticated
to /WebConsole/.
By default, the jagadmin user password is set to blank so getting access
might be trivial.

After authenticating to /WebConsole/ if an attacker sets the value of
the JavaScript
parameter in TreeAction.do to a large value a return address can be 
overwritten due to a stack-based buffer overflow.

For more information about this advisory, please visit our advisory page
located at
http://www.spidynamics.com/spilabs/advisories/sybaseEAserverOverflow.htm

[Remediation]
For a complete list of version affected and patch required, please visit
the complete advisory page 
http://www.spidynamics.com/spilabs/advisories/sybaseEAserverOverflow.htm


Vendor Information:
Sybase was contacted on 05/05/2005. For more information about this
advisory
Please visited Sybase alert page http://www.sybase.com/detail?id=1036742


Contact Information
spilabs@spidynamics.com
SPI Dynamics, Inc.
115 Perimeter Center Place N.E.
suite 1100
Atlanta, GA. 30346
Toll-Free Phone: (866) 774-2700



SPI Dynamics was founded in 2000 by a team of accomplished Web security
specialists; SPI Dynamics is the leader in Web application security
technology. With such signature products as WebInspect, SPI Dynamics is
dedicated to protecting companies' most valuable assets. SPI Dynamics
has created a new breed of Internet security products for the Web
application, the most vulnerable yet least secure component of online
business infrastructure.

Copyright (c) 2005 SPI Dynamics, Inc. All rights reserved worldwide.