Credit:
The information has been provided by David Litchfield.
The original article can be found at: http://www.ngssoftware.com/research/
At the SQL level the following SQL statements are vulnerable to overflow.
SET DEBUG FILE
IFX_FILE_TO_FILE
FILETOCLOB
LOTOFILE
DBINFO
At the protocol level, overflows were found in the following C functions
_sq_remview
_sq_remproc
_sq_remperms
_sq_distfetch
_sq_dcatalog
Each of these call the getname() function. The getname() function takes a source string and copies it to a destination buffer - much like strcpy().
Each of these overflows is trivially exploitable. All have been assigned to CVE-2006-3857.
Further to these overflows, unhandled exceptions can be triggered with a NULL pointer in the _sq_scroll and _sq_bbind functions at the protocol level. Exploitation of these two flaws would result in a DoS condition. These two issues have been assigned to CVE-2006-3856.
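Added illustration, not code from the advisory or from IBM: a hypothetical bounded replacement for a getname()-style copy, covering both failure classes described above (a source longer than the destination, and a NULL source). The buffer size, status codes and sample names are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical destination size; the real Informix buffer size is not given in the advisory. */
#define NAME_BUF_LEN 32

enum getname_status {
    GETNAME_OK       =  0,
    GETNAME_NULL_SRC = -1,  /* NULL source: reject instead of dereferencing it */
    GETNAME_TOO_LONG = -2   /* source does not fit: refuse rather than overrun dst */
};

/* A strcpy()-like copy, as the advisory describes getname(), trusts the caller's
 * length and writes past dst when src is longer. This variant bounds the copy by
 * dst_len, never reads src beyond dst_len bytes, and always NUL-terminates dst. */
int bounded_getname(char *dst, size_t dst_len, const char *src)
{
    size_t n = 0;

    if (dst == NULL || dst_len == 0)
        return GETNAME_TOO_LONG;
    if (src == NULL) {
        dst[0] = '\0';
        return GETNAME_NULL_SRC;
    }
    /* Scan at most dst_len bytes, so an unterminated or over-long source is
     * detected without relying on a terminator within dst's capacity. */
    while (n < dst_len && src[n] != '\0')
        n++;
    if (n == dst_len) {           /* no room for the terminator: refuse the copy */
        dst[0] = '\0';
        return GETNAME_TOO_LONG;
    }
    memcpy(dst, src, n + 1);      /* n bytes plus the NUL */
    return GETNAME_OK;
}

/* Exercises the three paths on constructed inputs; returns how many behaved as required. */
int getname_self_check(void)
{
    char buf[NAME_BUF_LEN];
    char too_long[NAME_BUF_LEN + 8];  /* constructed: 39 'A's, longer than the buffer */
    int passed = 0;

    memset(too_long, 'A', sizeof too_long - 1);
    too_long[sizeof too_long - 1] = '\0';

    if (bounded_getname(buf, sizeof buf, "customer") == GETNAME_OK && strcmp(buf, "customer") == 0)
        passed++;
    if (bounded_getname(buf, sizeof buf, NULL) == GETNAME_NULL_SRC && buf[0] == '\0')
        passed++;
    if (bounded_getname(buf, sizeof buf, too_long) == GETNAME_TOO_LONG && buf[0] == '\0')
        passed++;
    return passed;
}
```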
Fix Information:
IBM was alerted to these flaws between the 6th and the 18th January 2005. Patches have now been made available.
CVE Information:
CVE-2006-3857