CVE-2005-0441

Sažetak

Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticated users to execute arbitrary code via the (1) attrib_valid function, (2) covert function, (3) declare statement, or (4) a crafted query plan, or remote authenticated users with database owner or "sa" role privileges to execute arbitrary code via (5) a crafted install java statement.

Reference

http://archives.neohapsis.com/archives/bugtraq/2004-12/0315.html
http://www.securityfocus.com/archive/1/393851
http://www.ngssoftware.com/advisories/sybase-ase.txt
http://www.sybase.com/detail?id=1034520
http://www.sybase.com/detail?id=1034752
http://www.securityfocus.com/bid/12080
http://secunia.com/advisories/13632
http://marc.info/?l=bugtraq&m=111272918117194&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/19980
https://exchange.xforce.ibmcloud.com/vulnerabilities/19979
https://exchange.xforce.ibmcloud.com/vulnerabilities/19978
https://exchange.xforce.ibmcloud.com/vulnerabilities/19976
https://exchange.xforce.ibmcloud.com/vulnerabilities/19974
https://exchange.xforce.ibmcloud.com/vulnerabilities/19354
http://www.sybase.com/detail/1%2C6904%2C1033894%2C00.html

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

07-11-2023 - 01:57

Objavljeno

22-12-2004 - 05:00