Reported November 26, 2002, by Application Security Inc.
Sybase Adaptive Server 12.5 and 12.0
Three new buffer-overrun vulnerabilities in Sybase’s Adaptive Server versions 12.5 and 12.0 can grant an attacker complete control over the vulnerable system. The first vulnerability involves a buffer overflow in the Database Consistency Checker (DBCC) CHECKVERIFY function. The second vulnerability involves a buffer overflow in the DROP DATABASE function. The third vulnerability is a buffer-overflow condition in the stored procedure “xp_freedll”. For more information about these vulnerabilities, see the discoverer’s Web site.
Sybase has released patches that address these vulnerabilities and recommends that affected users download the appropriate patch from the company's Web site.
Discovered by Application Security Inc.