
===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2013.0125
         Vulnerabilities have been identified and fixed in Sybase
                        Adaptive Server Enterprise.
                              7 November 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Sybase Adaptive Server Enterprise
Operating System:     HP-UX
                      Linux variants
                      AIX
                      Windows
                      Solaris
Impact/Access:        Execute Arbitrary Code/Commands -- Unknown/Unspecified
                      Increased Privileges            -- Unknown/Unspecified
                      Denial of Service               -- Unknown/Unspecified
                      Access Confidential Data        -- Unknown/Unspecified
                      Unauthorised Access             -- Unknown/Unspecified
Resolution:           Patch/Upgrade
Member content until: Saturday, December  7 2013

OVERVIEW

        Vulnerabilities have been identified and fixed in Sybase Adaptive 
        Server Enterprise.


IMPACT

        From the Sybase website:
        
        "Sybase is tracking these issues under the following CR#s:

        CR#       CVSS  Issue                             Affected Versions
        CR729757  8.5   Missing authorization check       All versions
        CR696708
        CR723156

        CR726532  4.9   Potential information disclosure  15.0.3 and later

        CR729766  6.8   Potential information disclosure  All versions

        CR722777  5.4   Potential denial of service       All versions

        CR731758  8.5   Elevation of privileges           15.0.3 and later

        CR726352  6.1   Directory traversal               15.0.3 and later

        CR732989  8.7   Potential remote code execution   15.0.3 and later

        CR736689  9.0   Potential remote code execution   All versions

        CR726934  6.3   Potential denial of service       15.7 and later

        CR737762  7.2   Potential information disclosure  All versions" [1]


MITIGATION

        From the Sybase website:
        
        "These issues are resolved by applying an ESD. Sybase recommends that
        customers update their installations as soon as possible. The ESDs 
        are available for all versions of ASE for which customers have a 
        valid support contract from the EBFs Download Area of the Sybase 
        website." [1]


REFERENCES

        [1] Security Update for Adaptive Server Enterprise (ASE)
            http://www.sybase.com/detail?id=1099371

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================