mailing list archives
NII Advisory - Buffer Overflow in SQLBase (Revised)
From: "Network Intelligence India Pvt. Ltd." <info () nii co in>
Date: Sat, 8 Mar 2003 11:47:57 +0530
NII Advisory (Revised with vendor response and partial workaround)
Buffer Overflow in SQLBase
Original Advisory: http://www.nii.co.in/vuln/sqlbase.html
This is a revision to the earlier advisory about a buffer overflow in SQLBase
8.0 and 8.1.
To briefly recap:
This BO occurs by issuing the following command:
EXECUTE SYS.AAAAAAAAAAAA......(700 times).
It only requires the user to have CONNECT privileges, and results in the SQLBase
RDBMS crashing with Local System privileges on a Windows system.
We had released the original advisory (available at
http://www.nii.co.in/research/advisories.html) after not having received a
response from the vendor - Gupta Worldwide (http://www.guptaworldwide.com).
This situation has now changed, and the summary of the vendor's response is as
"The problem does exist and we are regarding it seriously. We have targetted
the fix for the SQLBase Release scheduled for May."
Also, the vendor suggest the following measures be taken until then:
"In the meantime, the recommendation to prevent this type of attack is to
access to your SQLBase databases, because in order to perform this attack
the user must have been authorized with at least CONNECT rights. This means
that the default passwords for SYSADM, SYSSQL, & SYSREP are recommended to
be changed. By eliminating the unauthorized access to the database, you can
prevent unauthorized user from performing this attack."
This however, does not prevent an authorized user from executing the attack
The revised advisory is now available at www.nii.co.in/vuln/sqlbase.html
Network Intelligence India Pvt. Ltd.
Security Auditing Handbooks
Full-Disclosure - We believe in it.
- NII Advisory - Buffer Overflow in SQLBase (Revised) Network Intelligence India Pvt. Ltd. (Mar 08)