Message-ID: <019301c2e53a$768de5f0$0300a8c0@laptop1>
From: info at nii.co.in (Network Intelligence India Pvt. Ltd.)
Subject: NII Advisory - Buffer Overflow in SQLBase (Revised)

NII Advisory (Revised with vendor response and partial workaround)
==================
Buffer Overflow in SQLBase
Original Advisory: http://www.nii.co.in/vuln/sqlbase.html

This is a revision to the earlier advisory about a buffer overflow in SQLBase
8.0 and 8.1.
To briefly recap, the buffer overflow is triggered by issuing the following command:
EXECUTE SYS.AAAAAAAAAAAA......(700 times).
It only requires the user to have CONNECT privileges, and results in the SQLBase
RDBMS crashing with Local System privileges on a Windows system.


Vendor Response:
==============
We had released the original advisory (available at
http://www.nii.co.in/research/advisories.html) after not having received a
response from the vendor - Gupta Worldwide (http://www.guptaworldwide.com).

This situation has now changed, and the summary of the vendor's response is as
follows:
"The problem does exist and we are regarding it seriously.  We have targeted
the fix for the SQLBase Release scheduled for May."

The vendor also suggests that the following measures be taken until then:
"In the meantime, the recommendation to prevent this type of attack is to
prevent unauthorized access to your SQLBase databases, because in order to
perform this attack the user must have been authorized with at least CONNECT
rights.  This means that the default passwords for SYSADM, SYSSQL, & SYSREP
are recommended to be changed.  By eliminating the unauthorized access to the
database, you can prevent unauthorized users from performing this attack."

This, however, does not prevent an authorized user from executing the attack
successfully.

The revised advisory is now available at www.nii.co.in/vuln/sqlbase.html


Network Intelligence India Pvt. Ltd.
=================================
Security Auditing Handbooks
http://www.nii.co.in/research/handbook.html
=================================
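
A detection sketch for the case the vendor workaround leaves open (an authorized user issuing the oversized EXECUTE), added here as an example and not part of the original advisory: it flags EXECUTE statements whose procedure name exceeds a length threshold. The 64-character threshold, the function names and the (user, statement) input shape are assumptions, and the sample statements are constructed.

```python
import re

# Assumed ceiling for a legitimate procedure name; this is NOT a documented
# SQLBase limit. Tune it to the longest name actually used in your schema.
MAX_NAME_LEN = 64

# EXECUTE [owner.]name, tolerant of case and extra whitespace.
EXECUTE_RE = re.compile(
    r"\bEXECUTE\s+(?:(?P<owner>[^\s.;(]+)\s*\.\s*)?(?P<name>[^\s;(]+)",
    re.IGNORECASE,
)

def oversized_execute(statement, max_len=MAX_NAME_LEN):
    """Return (owner, name_length) for each EXECUTE whose name exceeds max_len."""
    hits = []
    for m in EXECUTE_RE.finditer(statement):
        name = m.group("name")
        if len(name) > max_len:
            hits.append((m.group("owner") or "", len(name)))
    return hits

def audit(entries, max_len=MAX_NAME_LEN):
    """entries: iterable of (user, statement) pairs, e.g. from a query log or
    a filtering proxy (hypothetical source). Returns (user, owner, length)."""
    flagged = []
    for user, stmt in entries:
        for owner, length in oversized_execute(stmt, max_len):
            flagged.append((user, owner, length))
    return flagged

# Constructed sample statements (not captured from a real SQLBase server).
SAMPLE = [
    ("appuser", "EXECUTE SYSADM.MONTH_END_REPORT"),
    ("appuser", "select * from orders where note = 'execute later'"),
    ("guest", "execute  SYS." + "A" * 700),
    ("guest", "EXECUTE " + "B" * 65 + ";"),
]

if __name__ == "__main__":
    for user, owner, length in audit(SAMPLE):
        print(f"ALERT user={user} owner={owner or '-'} name_length={length}")
```

Because the statement needs only CONNECT rights, the user field matters as much as the length: an alert on an account that has never called a stored procedure is the stronger signal.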

