Sybase Adaptive Server Enterprise (ASE) 12.5 is susceptible to a denial of service attack when a login is made with an invalid remote password array.
Connecting to Sybase Adaptive Server Enterprise (ASE) 12.5 with a valid login (correct user ID and password) and an invalid remote password array causes an access violation on the server, resulting in a denial of service. The SQL server keeps running and still accepts new incoming connections, but it no longer responds to new login requests, so clients wait indefinitely.
The remote password array is included in the TDS LOGINREC structure and is of the format:
    byte    first server name length
    byte[]  first server name
    byte    first password length
    byte[]  first password
    byte    next server name length
    ...
    byte    total length of remote password array
By specifying invalid lengths, a heap overflow can be triggered. Preliminary investigation does not show that this can be exploited to execute arbitrary code.
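The bounds checks a parser needs for the layout above, as an added example (not Sybase code and not part of the original advisory). The function name rpw_validate and the sample bytes are hypothetical, and the code assumes the caller passes the whole array with the total-length byte as its final byte.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Walks the length-prefixed (server name, password) pairs and returns the
 * number of pairs, or -1 if any length byte points outside the array.
 * Assumption: `field` is the whole array and its final byte is the total
 * length of the pair data that precedes it. */
int rpw_validate(const uint8_t *field, size_t field_len)
{
    if (field == NULL || field_len < 1)
        return -1;

    size_t total = field[field_len - 1];
    if (total > field_len - 1)      /* declared total exceeds the data present */
        return -1;

    size_t off = 0;
    int pairs = 0;
    while (off < total) {
        /* each pair is two length-prefixed items: server name, then password */
        for (int item = 0; item < 2; item++) {
            if (off >= total)       /* no room left for the length byte */
                return -1;
            size_t len = field[off++];
            if (len > total - off)  /* item would run past the declared total */
                return -1;
            off += len;
        }
        pairs++;
    }
    return pairs;
}

int main(void)
{
    /* Constructed samples, not captured traffic. */
    const uint8_t ok[]  = { 3, 's', 'r', 'v', 2, 'p', 'w', 7 };
    const uint8_t bad[] = { 3, 's', 'r', 'v', 200, 'p', 'w', 7 };
    printf("ok=%d bad=%d\n", rpw_validate(ok, sizeof ok),
           rpw_validate(bad, sizeof bad));
    return 0;
}
```

Every length byte is compared against the space remaining before it is used as an offset, so an inconsistent length is rejected instead of being trusted for a copy.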