-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AUSCERT Security Bulletin

ASB-2013.0125
Vulnerabilities have been identified and fixed in
Sybase Adaptive Server Enterprise.
7 November 2013
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Sybase Adaptive Server Enterprise
Operating System:     HP-UX
                      Linux variants
                      AIX
                      Windows
                      Solaris
Impact/Access:        Execute Arbitrary Code/Commands -- Unknown/Unspecified
                      Increased Privileges            -- Unknown/Unspecified
                      Denial of Service               -- Unknown/Unspecified
                      Access Confidential Data        -- Unknown/Unspecified
                      Unauthorised Access             -- Unknown/Unspecified
Resolution:           Patch/Upgrade
Member content until: Saturday, December 7 2013

OVERVIEW

        Vulnerabilities have been identified and fixed in Sybase Adaptive
        Server Enterprise.

IMPACT

        From the Sybase website:

        "Sybase is tracking these issues under the following CR#s :

        CR#        CVSS   Issue                              Affected Versions
        CR729757   8.5    Missing authorization check        All versions
        CR696708
        CR723156
        CR726532   4.9    Potential information disclosure   15.0.3 and later
        CR729766   6.8    Potential information disclosure   All versions
        CR722777   5.4    Potential denial of service        All versions
        CR731758   8.5    Elevation of privileges            15.0.3 and later
        CR726352   6.1    Directory traversal                15.0.3 and later
        CR732989   8.7    Potential remote code execution    15.0.3 and later
        CR736689   9.0    Potential remote code execution    All versions
        CR726934   6.3    Potential denial of service        15.7 and later
        CR737762   7.2    Potential information disclosure   All versions" [1]

MITIGATION

        From the Sybase website:

        "These issues are resolved by applying an ESD. Sybase recommends
        that customers update their installations as soon as possible.
        The ESDs are available for all versions of ASE for which customers
        have a valid support contract from the EBFs Download Area of the
        Sybase website."
        [1]

REFERENCES

        [1] Security Update for Adaptive Server Enterprise (ASE)
            http://www.sybase.com/detail?id=1099371

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================