HTTP: Sybase EAServer WebConsole Buffer Overflow
This signature detects an attempt to exploit a known vulnerability in the Sybase EAServer WebConsole. Sybase EAServer versions 5.2 and earlier are vulnerable. By supplying a maliciously crafted URL request, the client can potentially execute arbitrary commands on the server with daemon permissions.
Extended Description
Sybase EAServer is affected by a remote buffer-overflow vulnerability. The vulnerability exists in the server's WebConsole. A successful attack can overflow a finite-sized buffer and ultimately lead to arbitrary code execution in the context of the 'jagsrv.exe' process. This may allow the attacker to gain elevated privileges. Note that an attacker needs to provide authentication credentials before carrying out this attack.
Affected Products
Sybase enterprise_application_server
References
BugTraq: 14287
CVE: CVE-2005-2297
URL: http://www.sybase.com/detail?id=1036742 http://www.spidynamics.com/spilabs/advisories/sybaseEAserverOverflow.htm
Short Name
HTTP:OVERFLOW:SYBASE-WEBCONSOLE
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CVE-2005-2297 EAServer Overflow Sybase WebConsole bid:14287
Release Date
08/16/2005
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3727
False Positive
Unknown
Vendors
Sybase
CVSS Score
4.6