Date: 10 January 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2013.0004
Urgent from Sybase: Security vulnerabilities in Adaptive
Server Enterprise (ASE)
10 January 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:              Sybase Adaptive Server Enterprise
Operating System:     HP-UX
                      Linux variants
                      AIX
                      Windows
                      Solaris
Impact/Access:        Execute Arbitrary Code/Commands -- Unknown/Unspecified
                      Increased Privileges            -- Existing Account
                      Overwrite Arbitrary Files       -- Unknown/Unspecified
                      Denial of Service               -- Unknown/Unspecified
                      Unauthorised Access             -- Unknown/Unspecified
Resolution:           Patch/Upgrade
Member content until: Saturday, February 9 2013
OVERVIEW
Vulnerabilities have been identified and fixed in Sybase Adaptive
Server Enterprise.
IMPACT
From the Sybase website:
"Sybase is making this announcement proactively. These security
vulnerabilities were reported to us by Application Security Inc. There
have been no reported exploits of these vulnerabilities, and to date
it has not been reported by a Sybase customer. Sybase, Inc.
appreciates the efforts of Application Security Inc. to continually
strengthen software throughout the industry by monitoring and testing.
Specific credit for identifying this issue goes to Martin Rakhmanov,
and Esteban Martinez Fayo.
Sybase is tracking these issues under the following CRs :
CR#     CVSS  Issue                                           Affected Versions
719878  8.3   Elevated roles with creating proxy tables       All releases
720247  6.0   Elevated roles involving the ASE plugin for     All releases
              Sybase Central and create table
696415  6.4   Elevated roles through SQL injection            All releases
726532  4.9   Information disclosure through installation     15.0.3 and later
              log files on Windows platforms
711707  2.2   Arbitrary code execution via stack overflow     15.7 and later
712467  5.9   Denial of service on Windows                    All releases
712855  7.7   Arbitrary code execution via stack overflow     All releases
722639  6.5   Server side file corruption                     15.5 and later
719733  1.6   Arbitrary code execution through Java in ASE    15.0.3 and later" [1]
MITIGATION
From the Sybase website:
"These issues are resolved by applying an ESD. Sybase recommends that
customers update their installations as soon as possible. The ESDs are
available for all versions of ASE for which customers have a valid
support contract from the EBFs Download Area of the Sybase website."
[1]
REFERENCES
[1] Urgent from Sybase: Security vulnerabilities in Adaptive Server
Enterprise (ASE)
http://www.sybase.com/detail?id=1099305
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----