Sybase Patches Database Server Holes
Three buffer overflow vulnerabilities found in the servers could let an attacker overwrite the stack and execute arbitrary code.
SHATTER, Application Security Inc.'s security and development team, last week discovered three new potential security holes in Sybase Inc. database servers. The team, aka Security Heuristics of Application Testing Technology for Enterprise Research, found the following vulnerabilities, which could theoretically enable an attacker to overwrite the stack and execute arbitrary code: DBCC CHECK VERIFY buffer overflow, DROP DATABASE buffer overflow and xp_freedll buffer overflow.
Analysts say buffer overflow vulnerabilities such as these are a "dime a dozen" nowadays. Still, users have to stay on top of them, just in case. "It's a constant reminder that you can never be truly secure," said Pete Lindstrom, an analyst with Spire Security, in Malvern, Pa. "You're never quite sure if they're incredibly significant or if they can be incredibly significant down the road."
Tom Traubitz, senior marketing manager for Sybase, in Dublin, Calif., said the vulnerabilities are "hypothetical," in that the only persons who would have access to exploiting them would be trusted users anyway.