|
|
[NEWS] Sybase EAServer Buffer Overflow: msg#00060security.securiteam
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source. http://www.securiteam.com/mailinglist.html - - - - - - - - - Sybase EAServer Buffer Overflow ------------------------------------------------------------------------ SUMMARY "Sybase EAServer is the open application server for powering business critical applications that provide the lowest total cost of ownership." A buffer overflow vulnerability has been discovered in EAServer, if exploited, this can result in user-specified code being executed under the security context of the jagsrv.exe process. DETAILS Vulnerable Systems: * Sybase EAServer versions 4.2.5 up to 5.2 After authenticating to /WebConsole/ if an attacker sets the value of the JavaScript parameter in TreeAction.do to a large value a return address can be overwritten due to a stack-based buffer overflow. Patch Availability: The issue is resolved by applying the following EBFs to the correct platform and version. Each EBFs are available from the Sybase EBFs and Maintenance site at <http://downloads.sybase.com/> http://downloads.sybase.com/ Vendor Status: Sybase was contacted on 05/05/2005. Vendor released advisory corresponding this issue: <http://www.sybase.com/detail?id=1036742> http://www.sybase.com/detail?id=1036742 ADDITIONAL INFORMATION The information has been provided by <mailto:spilabs@xxxxxxxxxxxxxxx> David Dewey. The original article can be found at: <http://www.sybase.com/detail?id=1036742> http://www.sybase.com/detail?id=1036742 ======================================== This bulletin is sent to members of the SecuriTeam mailing list. To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx ==================== ==================== DISCLAIMER: The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | [NT] sHTTP FTPServer Directory Traversal: 00060, SecuriTeam |
|---|---|
| Next by Date: | [UNIX] Web Portal System Command Execution Vulnerability (wps_shop.cgi): 00060, SecuriTeam |
| Previous by Thread: | [NT] sHTTP FTPServer Directory Traversali: 00060, SecuriTeam |
| Next by Thread: | [UNIX] Web Portal System Command Execution Vulnerability (wps_shop.cgi): 00060, SecuriTeam |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |