Sybase ASE Password Array Heap Overflow Vulnerability

November 21, 2003

[From Secunia Stay Secure]

A vulnerability has been identified in Sybase ASE (Adaptive Server Enterprise), which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

The vulnerability is caused due to a boundary error when handling remote password arrays. This can be exploited to cause a heap overflow by supplying a remote password array with invalid lengths. Reportedly, execution of arbitrary code is not believed possible but cannot be ruled out completely.

The article continues at http://www.secunia.com/advisories/10273/