漏洞信息详情
Sybase公司的自适应服务系统xp_freedll缓冲区溢出漏洞
- CNNVD编号:CNNVD-200212-631
- 危害等级: 高危
- CVE编号: CVE-2002-2250
- 漏洞类型: 缓冲区溢出
- 发布时间: 2002-12-31
- 威胁类型: 远程
- 更新时间: 2002-12-31
- 厂 商: sybase
- 漏洞来源: Discovery of this ...
漏洞简介
Sybase公司的自适应服务系统12.0和12.5版本存在多个缓冲区溢出漏洞。远程攻击者可以借助(1)xp_freedll扩展存储过程的超长参数或(2)DBCC CHECKVERIFY参数的超长数据库名参数执行任意代码。
漏洞公告
The vendor has confirmed this issue and has released fixes which address this issue. Sybase Adaptive Server Enterprise 12.0 Win
- Sybase Adaptive Server 12.0.0.6 http://downloads.sybase.com/swd/swx
- Sybase Adaptive Server 12.5.0.2 http://downloads.sybase.com/swd/swx
- Sybase Adaptive Server 12.5.0.2 http://downloads.sybase.com/swd/swx
参考网址
来源: BUGTRAQ 名称: 20021127 ASI Sybase Security Alert: Buffer overflow in DBCC CHECKVERIFY 链接:http://cert.uni-stuttgart.de/archive/bugtraq/2002/11/msg00364.HTML 来源: XF 名称: sybase-dbcc-checkverify-bo(10721) 链接:http://xforce.iss.net/xforce/xfdb/10721 来源: BID 名称: 6269 链接:http://www.securityfocus.com/bid/6269 来源: BID 名称: 6266 链接:http://www.securityfocus.com/bid/6266 来源: XF 名称: sybase-xpfreedll-dll-bo(10719) 链接:http://www.iss.net/security_center/static/10719.php 来源: www.appsecinc.com 链接:http://www.appsecinc.com/resources/alerts/sybase/02-0003.HTML 来源: www.appsecinc.com 链接:http://www.appsecinc.com/resources/alerts/sybase/02-0001.HTML 来源: BUGTRAQ 名称: 20021127 ASI Sybase Security Alert: Buffer overflow in xp_freedll 链接:http://cert.uni-stuttgart.de/archive/bugtraq/2002/11/msg00361.HTML 来源: NTBUGTRAQ 名称: 20021127 ASI Sybase Security Alert: Buffer overflow in DBCC CHECKVERIFY 链接:http://archives.neohapsis.com/archives/ntbugtraq/2002-q4/0082.HTML 来源: NTBUGTRAQ 名称: 20021127 ASI Sybase Security Alert: Buffer overflow in xp_freedll 链接:http://archives.neohapsis.com/archives/ntbugtraq/2002-q4/0080.HTML
受影响实体
- Sybase Adaptive_server:12.0
- Sybase Adaptive_server:12.5
补丁
暂无
评论