BugTraq
Stack-Based Buffer Overflow in Sybase EAServer 4.2.5 to 5.2 Jul 15 2005 07:31PM
SPI Labs (spilabs spidynamics com)
Stack-Based Buffer Overflow in Sybase EAServer 4.2.5 to 5.2
-----------------------------------------------------------

Release Date: July 15 2005
Severity: Medium

A vulnerability has been discovered in Sybase EAServer. If exploited,
this can result in
user-specified code being executed under the security context of the
jagsrv.exe process. To complete this attack, you must be authenticated
to /WebConsole/.
By default, the jagadmin user password is set to blank so getting access
might be trivial.

After authenticating to /WebConsole/ if an attacker sets the value of
the JavaScript
parameter in TreeAction.do to a large value a return address can be
overwritten due to a stack-based buffer overflow.

For more information about this advisory, please visit our advisory page
located at
http://www.spidynamics.com/spilabs/advisories/sybaseEAserverOverflow.htm

[Remediation]
For a complete list of version affected and patch required, please visit
the complete advisory page
http://www.spidynamics.com/spilabs/advisories/sybaseEAserverOverflow.htm

Vendor Information:
Sybase was contacted on 05/05/2005. For more information about this
advisory
Please visited Sybase alert page http://www.sybase.com/detail?id=1036742

Contact Information
spilabs (at) spidynamics (dot) com [email concealed]
SPI Dynamics, Inc.
115 Perimeter Center Place N.E.
suite 1100
Atlanta, GA. 30346
Toll-Free Phone: (866) 774-2700

SPI Dynamics was founded in 2000 by a team of accomplished Web security
specialists; SPI Dynamics is the leader in Web application security
technology. With such signature products as WebInspect, SPI Dynamics is
dedicated to protecting companies' most valuable assets. SPI Dynamics
has created a new breed of Internet security products for the Web
application, the most vulnerable yet least secure component of online
business infrastructure.

Copyright (c) 2005 SPI Dynamics, Inc. All rights reserved worldwide.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus