ASI Sybase Security Alert: Buffer overflow in DROP DATABASE

From: Aaron C. Newman (Application Security, Inc.) (anewman@APPSECINC.COM)
Date: 11/27/02

    Date:         Wed, 27 Nov 2002 14:12:01 -0500
    From: "Aaron C. Newman (Application Security, Inc.)" <anewman@APPSECINC.COM>
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Sybase Adaptive Server buffer overflow in DROP DATABASE

    http://www.appsecinc.com/resources/alerts/sybase/02-0002.html

    To determine if you should apply this hot fix, download AppDetective for
    Sybase from http://www.sybasesecurity.net/products/appdetective/sybase/.

    Risk level: High

    Threat: Allows a non-privileged login to gain full control of the server

    Versions Affected: Sybase Adaptive Server 12.0 and 12.5

    Summary:
    The DROP DATABASE statement contains a buffer overflow that may allow an
    attacker to overwrite the stack and execute arbitrary code under the
    security context of the server process. Any valid login in Sybase is
    able to execute this statement and so to reach the overflow.

    Details:
    Sybase Adaptive Server provides a DROP DATABASE statement, which is used
    to remove a database from the server.

    DROP DATABASE takes a single argument: the name of the database to
    remove. The server does not validate the length of that string before
    copying it into a fixed-size stack buffer, so an over-long name
    overflows the buffer. This may allow an attacker to run arbitrary code
    under the security context of the server, not merely of one database.

    Below is an example of overflowing the buffer using the SQL tool
    isql.exe.

    1> declare @test varchar(16384)
    2> select @test = replicate('A', 16384)
    3> DROP DATABASE @test
    4> go

    Fix:
    You should apply the following patches:
    12.5.0.2 - 11/14/2002
    12.0.0.6 ESD#1 - 11/5/2002

    These patches can be downloaded from http://downloads.sybase.com/swd/swx
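    A quick way to triage a fleet against the fixed levels above is to pull
    @@version from each server and compare it to 12.0.0.6 ESD#1 and 12.5.0.2.
    The following Python is an added example for this page, not code from
    Application Security, Inc. or Sybase. It assumes @@version starts with
    "Adaptive Server Enterprise/<release>/<EBF field>/..." and that an ESD
    level, when present, appears as "ESD#<n>" in the field after the release;
    the sample strings are constructed and their EBF numbers are placeholders.

```python
import re

# Minimum fixed levels from the advisory, keyed by release branch:
# 12.0 needs 12.0.0.6 ESD#1; 12.5 needs 12.5.0.2 (no ESD required).
FIXED_LEVELS = {
    (12, 0): ((12, 0, 0, 6), 1),
    (12, 5): ((12, 5, 0, 2), 0),
}

# ASSUMPTION: @@version begins "Adaptive Server Enterprise/<release>/<field>/..."
# with the release as dotted integers and any ESD level written as "ESD#<n>"
# in the slash-delimited field that follows. Adjust if your servers differ.
VERSION_RE = re.compile(r"Adaptive Server Enterprise/(\d+(?:\.\d+)+)/([^/]*)")
ESD_RE = re.compile(r"ESD#(\d+)")


def parse_ase_version(version_string):
    """Return (release_tuple, esd_level) from an @@version string.

    The release is zero-padded to four components so 12.5 and 12.5.0.2
    compare sanely; a missing ESD marker counts as level 0.
    """
    m = VERSION_RE.search(version_string)
    if not m:
        raise ValueError(f"not a recognised ASE @@version string: {version_string!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    release = tuple((parts + [0, 0, 0, 0])[:4])
    esd_match = ESD_RE.search(m.group(2))
    esd = int(esd_match.group(1)) if esd_match else 0
    return release, esd


def needs_patch(version_string):
    """True if the server is on an affected branch below the fixed level,
    False if it is at or above it, None if the branch is not 12.0 or 12.5
    (the advisory says nothing about other releases)."""
    release, esd = parse_ase_version(version_string)
    fixed = FIXED_LEVELS.get(release[:2])
    if fixed is None:
        return None
    fixed_release, fixed_esd = fixed
    # Tuple comparison orders by release first, then by ESD level, so
    # 12.0.0.6 without ESD#1 still counts as unpatched.
    return (release, esd) < (fixed_release, fixed_esd)


# Constructed sample strings in the assumed layout; the EBF numbers are
# placeholders, not real Sybase build identifiers.
SAMPLE_VERSIONS = {
    "12.5 unpatched": "Adaptive Server Enterprise/12.5.0.1/P/NT (IX86)/OS 4.0/rel12501/1776/32-bit/OPT/...",
    "12.5 fixed":     "Adaptive Server Enterprise/12.5.0.2/EBF 00000/P/NT (IX86)/OS 4.0/rel12502/1800/32-bit/OPT/...",
    "12.0 no ESD":    "Adaptive Server Enterprise/12.0.0.6/EBF 00000/P/Sun_svr4/OS 5.8/rel12006/1900/32-bit/OPT/...",
    "12.0 ESD#1":     "Adaptive Server Enterprise/12.0.0.6/EBF 00000 ESD#1/P/Sun_svr4/OS 5.8/rel12006/1901/32-bit/OPT/...",
    "11.9 branch":    "Adaptive Server Enterprise/11.9.2/P/Sun_svr4/OS 5.6/1031/32-bit/OPT/...",
}


def classify_samples():
    """Map each sample label to its needs_patch() verdict."""
    return {label: needs_patch(v) for label, v in SAMPLE_VERSIONS.items()}


if __name__ == "__main__":
    verdicts = {True: "APPLY HOTFIX", False: "at fixed level",
                None: "branch not covered by advisory"}
    for label, verdict in classify_samples().items():
        print(f"{label:14s} -> {verdicts[verdict]}")
```

    The ESD level is compared separately from the release number because the
    12.0 fix is an ESD on top of 12.0.0.6: a server reporting 12.0.0.6 with
    no ESD#1 marker is still exposed. Feed the function the real @@version
    output from `select @@version` run through isql on each server.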

    Thank you,
    support@appsecinc.com
    Application Security, Inc.
    phone: 212-490-6022
    fax: 212-490-6456
    -Protection Where It Counts-

    ----------------------------------------------------------------------
    Application Security, Inc.
    www.appsecinc.com

    As pioneers in application security, we are an organization dedicated
    to the security, defense, and protection of one of the most commonly
    overlooked areas of security - the application layer. Application
    Security, Inc. provides solutions to proactively secure (penetration
    testing/vulnerability assessment), actively defend/monitor (intrusion
    detection), and protect (encryption) your most critical applications.
    ----------------------------------------------------------------------

