 |
Name:
Sybase.SQL.Anywhere.MobiLink.Crafted.Strings.Buffe
|
Released Date:
Apr 22 2008
|
Severity:
critical
|
CVE:
2008-0912
|
|
|
Bugtraq:
27914
|
|
|
|
|
FortiGuard Center
> Vulnerability Encyclopedia
In-Depth Analysis
|
Description
|
This indicates an attempt to exploit a buffer overflow vulnerability in Sybase MobiLink.
The vulnerability is caused by a buffer overflow error in the MobiLink component, when processing overly long data (username, version or remote ID) sent to port 2439/TCP. It can be exploited by remote unauthenticated attackers to crash the application or execute arbitrary code.
|
|
|
|
Impact
|
Denial of service.
System Compromise: remote code execution.
|
|
|
|
Affected Products
|
|
Sybase MobiLink 10.0.1.3629
|
|
Aliases
|
|
References
|
http://www.securityfocus.com/bid/27914
http://www.frsirt.com/english/advisories/2008/0626
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0912
|
|
Recommended Actions
|
|
Currently we are not aware of any vendor supplied patch for this issue.
|
|
