Title

Multiple Vulnerabilities in Sybase Products (Cat I impact)

Discussion

Sybase has addressed multiple vulnerabilities affecting Sybase products. To exploit these vulnerabilities, an attacker would utilize various tactics, techniques and procedures. If successfully exploited, these vulnerabilities would allow an attacker to compromise the affected system. At this time, there are no known exploits associated with these vulnerabilities; USCYBERCOM is not aware of any DoD related incidents. Sybase Malformed TDS Vulnerability: An array indexing vulnerability within Sybase Backup and Monitor when handling certain login packets can be exploited to corrupt memory. The specific flaw exists within the way Sybase Backup and Monitor servers handle certain data in the login packets. Malformed packets can cause the service in question to lookup a function pointer outside a predefined function pointer array. It is possible to set this function pointer to an address where user controlled data exists and this will result in code execution under the rights of the user running the Monitor Server. Sybase Login packet Vulnerability: A vulnerability within Sybase Backup and Monitor server when handling certain login packets can be exploited to write a NULL byte to an arbitrary memory location on the stack. The specific flaw exists within the way Sybase Backup and Monitor servers handles certain data in the login packets. Malformed packets can cause the service in question to write a NULL byte on the stack which can be leveraged by a remote attacker to execute code under the context of the running service.

Check Content

See IAVM notice or vendor bulletin for additional information. Vulnerable Applications/Systems: Open Server 15.5 and earlier Adaptive Server Enterprise (ASE) prior to 15.0.3 ESD#4 ONE-Off Adaptive Server Enterprise (ASE) prior to 15.0.3 CE ONE-Off Adaptive Server Enterprise (ASE) prior to 15.5 ESD#4 Adaptive Server Enterprise (ASE) prior to 15.5 CE ESD#4 Replication Server prior to 15.1-15.5 ESD#2 ONE-Off Replication Server prior to 15.6 ESD#1 ECDA prior to 15.0 ESD#6 MFC/DC prior to 15.0 ESD#6 RAP - The Trading Edition prior to R4.1 OpenSwitch prior to15.1 ESD#5 EAServer prior to 6.3.1 ESD#3 Note: System administrators should refer to the Sybase Security Advisory to determine affected applications/system and appropriate fix actions.

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-29565

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.