Heap overflow in Sybase MobiLink 10.0.1.3629

2008.02.24
Risk: High
Local: No
Remote: Yes
CWE: CWE-119


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

####################################################################### Luigi Auriemma Application: Sybase MobiLink http://www.sybase.com/developer/mobile/sqlanywhere/mobilink Versions: <= 10.0.1.3629 Platforms: Windows and Linux/Unix Bug: heap overflow Exploitation: remote Date: 20 Feb 2008 Author: Luigi Auriemma e-mail: aluigi (at) autistici (dot) org [email concealed] web: aluigi.org ####################################################################### 1) Introduction 2) Bug 3) The Code 4) Fix ####################################################################### =============== 1) Introduction =============== MobiLink is a centralized synchronization server for mobile platforms included in the Sybase SQL Anywhere package. ####################################################################### ====== 2) Bug ====== The MobiLink server is affected by a heap overflow which happens during the handling of some strings like username, version and remote ID (all pre-auth) when have a lenght major than 128 bytes. ####################################################################### =========== 3) The Code =========== http://aluigi.org/poc/mobilinkhof.zip ####################################################################### ====== 4) Fix ====== No fix ####################################################################### --- Luigi Auriemma http://aluigi.org


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top