Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2005-0441
Last Modified 05 Sep 2008 04:46:18
Published 22 Dec 2004 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0441

Summary

Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticated users to execute arbitrary code via the (1) attrib_valid function, (2) convert function, (3) declare statement, or (4) a crafted query plan, or remote authenticated users with database owner or "sa" role privileges to execute arbitrary code via (5) a crafted install java statement.

Vulnerable Systems

Application

  • Sybase Adaptive Server Enterprise 11.03.3

  • Sybase Adaptive Server Enterprise 11.5

  • Sybase Adaptive Server Enterprise 11.5.1

  • Sybase Adaptive Server Enterprise 11.9.2

  • Sybase Adaptive Server Enterprise 12.0

  • Sybase Adaptive Server Enterprise 12.0.1

  • Sybase Adaptive Server Enterprise 12.5

  • Sybase Adaptive Server Enterprise 12.5.2

  • Sybase Adaptive Server Enterprise 12.5.3


References

XF - sybase-ase-install-java-bo(19980)

XF - sybase-ase-abstract-bo(19979)

XF - sybase-ase-declare-bo(19978)

XF - sybase-ase-convert-bo(19976)

XF - sybase-ase-attribvalid-bo(19974)

XF - sybase-adaptive-server(19354)

CONFIRM - http://www.sybase.com/detail?id=1034752

CONFIRM - http://www.sybase.com/detail?id=1034520

BID - 12080

BUGTRAQ - 20050321 Details of Sybase ASE bugs withheld

SECUNIA - 13632

BUGTRAQ - 20050405 Sybase ASE Multiple Security Issues (#NISR05042005)

BUGTRAQ - 20041222 Sybase ASE 12.5.2 vulnerabilities

MISC - http://www.ngssoftware.com/advisories/sybase-ase.txt


Last Updated: 27 May 2016 10:39:48