Reported November 26, 2002, by Application Security Inc.

VERSIONS AFFECTED

  • Sybase Adaptive Server 12.5 and 12.0

DESCRIPTION

Three new buffer-overrun vulnerabilities in Sybase’s Adaptive Server versions 12.5 and 12.0 can grant an attacker complete control over the vulnerable system. The first vulnerability involves a buffer overflow in the Database Consistency Checker (DBCC) CHECKVERIFY function. The second vulnerability involves a buffer overflow in the DROP DATABASE function. The third vulnerability is a buffer-overflow condition in the stored procedure “xp_freedll”. For more information about these vulnerabilities, see the discoverer’s Web site.

VENDOR RESPONSE

Sybase has released patches that address these vulnerabilities and recommends that affected users download the appropriate patch from the company's Web site.

CREDIT

Discovered by Application Security Inc.