Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Unix :: General :: sb5985.htm

SQLBase Buffer OverFlow
11th Feb 2003 [SBWID-5985]

	SQLBase Buffer OverFlow


	SQLBase 8.1.0


	In  an  advisory  by  Arjun  Pednekar  []   of   Network
	Intelligence India Pvt. Ltd. [] :
	Execute command executes a stored command or procedure.  The  syntax  of
	this command is :
	    EXECUTE [auth ID].stored_command_or_procedure_name
	Passing an extremely large command/procedure name as  the  parameter  to
	the  Execute  command  crashes  SQLBase,  giving  the  attacker   System
	Buffer  overflow   occurs   when   the   string   length   exceeds   700
	characters.The command we executed was as follows:
	This was found to be true on a database we  had  created,  but  it  also
	does exist on the default ISLAND database. This could potentially  allow
	execution of system commands with privileges  of  the  GuptaSQL  Service
	(Local System). This vulnerability causes the SQL Base service to  crash
	thus closing down the database.  If  not  for  system  exploitation,  it
	could easily be used for a very simple denial of service
	Buffer Overflow in EXECUTE Command was detected in  earlier  version  of
	SQLBase (v 8.0.0) by NII in early January. The vendor  released  a  list
	of patches to this version one of which was bug ID 76532B
	However it seems that the vendor has  not  patched  the  latest  version
	correctly. The new version, v 8.1.0, also has  a  similar  vulnerability
	but it requires 700 characters instead of the earlier 350.


	Check Gupta Technologies LLC

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH