[Full-Disclosure] NII Advisory - Buffer Overflow in SQLBase (Revised)

From: Network Intelligence India Pvt. Ltd. (infoat_private)
Date: Fri Mar 07 2003 - 22:17:57 PST


    NII Advisory (Revised with vendor response and partial workaround)
    ==================
    Buffer Overflow in SQLBase
    Original Advisory: http://www.nii.co.in/vuln/sqlbase.html
    
    This is a revision to the earlier advisory about a buffer overflow in SQLBase
    8.0 and 8.1.
    To briefly recap:
    The buffer overflow is triggered by issuing the following command:
    EXECUTE SYS.AAAAAAAAAAAA......(700 times).
    It only requires the user to have CONNECT privileges, and results in the SQLBase
    RDBMS crashing with Local System privileges on a Windows system.
    
    
    Vendor Response:
    ==============
    We had released the original advisory (available at
    http://www.nii.co.in/research/advisories.html) after not having received a
    response from the vendor - Gupta Worldwide (http://www.guptaworldwide.com).
    
    This situation has now changed, and the summary of the vendor's response is as
    follows:
    "The problem does exist and we are regarding it seriously.  We have targeted
    the fix for the SQLBase Release scheduled for May."
    
    Also, the vendor suggests the following measures be taken until then:
    "In the meantime, the recommendation to prevent this type of attack is to
    prevent unauthorized access to your SQLBase databases, because in order to
    perform this attack the user must have been authorized with at least CONNECT
    rights.  This means that the default passwords for SYSADM, SYSSQL, & SYSREP
    are recommended to be changed.  By eliminating the unauthorized access to the
    database, you can prevent unauthorized users from performing this attack."
    
    This, however, does not prevent an authorized user from executing the attack
    successfully.
    
    The revised advisory is now available at www.nii.co.in/vuln/sqlbase.html
    
    
    Network Intelligence India Pvt. Ltd.
    =================================
    Security Auditing Handbooks
    http://www.nii.co.in/research/handbook.html
    =================================
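
Because the workaround above does not stop an authorized user, a site can also watch its statement logs for the pattern the advisory describes. The following is an added example, not part of the advisory or of any NII or Gupta code: it flags EXECUTE statements whose target name is far longer than any legitimate object name. The "timestamp|user|statement" log format, the 64-character threshold and all function names are assumptions for illustration.

```python
import re

# Assumption: longest owner/procedure name this site legitimately uses.
MAX_NAME_LEN = 64
# Default accounts named in the vendor response.
DEFAULT_ACCOUNTS = {"SYSADM", "SYSSQL", "SYSREP"}
# Captures the (optionally owner-qualified) target of an EXECUTE statement.
EXECUTE_RE = re.compile(r"^\s*EXECUTE\s+([^\s(;]+)", re.IGNORECASE)

# Constructed sample log in a hypothetical "timestamp|user|statement" format.
SAMPLE_LOG = [
    "2003-03-07 10:01:12|APPUSER|SELECT NAME FROM CUSTOMER",
    "2003-03-07 10:01:15|APPUSER|EXECUTE SYSADM.MONTHLY_REPORT",
    "2003-03-07 10:02:40|SYSADM|execute sys." + "A" * 700,
    "malformed line without separators",
]

def oversized_execute(statement, max_len=MAX_NAME_LEN):
    """Return (owner, longest_part_length) if an EXECUTE target is too long."""
    m = EXECUTE_RE.match(statement)
    if not m:
        return None
    parts = m.group(1).split(".")
    owner = parts[0].upper() if len(parts) > 1 else ""
    longest = max(len(p) for p in parts)
    return (owner, longest) if longest > max_len else None

def scan(log_lines, max_len=MAX_NAME_LEN):
    """Return one finding per log line holding an oversized EXECUTE target."""
    findings = []
    for lineno, line in enumerate(log_lines, 1):
        try:
            ts, user, stmt = line.rstrip("\n").split("|", 2)
        except ValueError:
            continue  # skip lines that do not match the assumed format
        hit = oversized_execute(stmt, max_len)
        if hit:
            # Record only the length, so the alert never carries the long name.
            findings.append({
                "line": lineno, "time": ts, "user": user,
                "owner": hit[0], "name_len": hit[1],
                "default_account": user.upper() in DEFAULT_ACCOUNTS,
            })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The default_account field only marks sessions opened under one of the three accounts the vendor names, as a triage hint for checking whether their passwords were changed.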
    
    


