[ISN] Sybase patches three security holes

From: InfoSec News (isnat_private)
Date: Wed Dec 04 2002 - 00:57:15 PST

    By James Niccolai
    IDG News Service
    Sybase has issued a security patch for three vulnerabilities affecting
    the newest versions of its database software that could allow a
    malicious hacker to gain control of a Sybase server and run arbitrary
    code on it.
    Sybase said it wasn't aware of any systems that have been affected by
    the problem, but advised customers to download and install the
    patches, which were made available on its Web site last week.
    The security holes can be used to create a "buffer overflow," a memory
    problem frequently exploited in cyberattacks. The holes affect users
    running the latest versions of its Adaptive Server database, versions
    12.0 and 12.5, on both Unix and Windows platforms, said Application
    Security, which discovered the problem.
    Sybase downplayed the risk. The vulnerabilities are "predominantly
    hypothetical" and can be exploited only by those who are able to log
    into a system as a "trusted user," said Tom Traubitz, a Sybase senior
    marketing manager.
    Application Security, which called the vulnerabilities "high risk,"
    "A non-privileged user can execute these things; we stand by that,"
    said Stephen Grey, an Application Security marketing manager.
    One exploit uses the command "DROP DATABASE."
    "This is meant to only be run by privileged users, however if a
    non-privileged user runs this command, the buffer overflow occurs
    before any access control takes place," Application Security said on
    its Web site. "Therefore a non-privileged user can use this security
    hole to take complete control of a Sybase server."
    Application Security has posted a description of the vulnerabilities
    on its Web site.
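    As an illustrative model added here (not Sybase's or Application
    Security's code), the ordering bug the quote describes, in C, beside a
    hardened handler; the 30-character name limit, the function names and
    the result codes are assumptions made for the illustration:

```c
#include <stdio.h>
#include <string.h>

/* Model of the bug pattern quoted above: a command handler that copies its
 * argument into a fixed buffer BEFORE asking whether the caller may run the
 * command at all.  Assumed limit, not a documented Sybase value. */
#define NAME_MAX 30

enum result { CMD_OK = 0, CMD_DENIED = 1, CMD_TOO_LONG = 2 };

/* Vulnerable ordering: the unbounded copy runs for every login, so an
 * over-long name overflows `name` before the privilege check is reached. */
enum result drop_database_vulnerable(const char *arg, int is_privileged)
{
    char name[NAME_MAX + 1];
    strcpy(name, arg);            /* no bound; executes for any caller */
    if (!is_privileged)
        return CMD_DENIED;        /* access control arrives too late */
    printf("dropping %s\n", name);
    return CMD_OK;
}

/* Hardened ordering: authorise first, then validate the length, then copy
 * with a bound.  A non-privileged login never reaches the copy at all. */
enum result drop_database_hardened(const char *arg, int is_privileged)
{
    char name[NAME_MAX + 1];
    size_t len = strlen(arg);
    if (!is_privileged)
        return CMD_DENIED;
    if (len > NAME_MAX)
        return CMD_TOO_LONG;
    memcpy(name, arg, len + 1);   /* bounded: len <= NAME_MAX here */
    printf("dropping %s\n", name);
    return CMD_OK;
}

int main(void)
{
    char long_name[200];          /* constructed over-long argument */
    memset(long_name, 'A', sizeof long_name - 1);
    long_name[sizeof long_name - 1] = '\0';
    /* Only the hardened handler is safe to feed the over-long name. */
    printf("%d\n", drop_database_hardened(long_name, 0));  /* 1: denied */
    printf("%d\n", drop_database_hardened(long_name, 1));  /* 2: too long */
    printf("%d\n", drop_database_hardened("sales", 1));    /* 0: ok */
    return 0;
}
```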
    ISN is currently hosted by Attrition.org