Sybase Adaptive Server Enterprise (ASE) 12.5 is susceptible to a
denial of service attack when a login is made with an invalid remote
Connecting to Sybase Adaptive Server Enterprise (ASE) 12.5 with
a valid login (correct user ID and password) and an invalid remote
password array causes an access violation on the server, resulting
in a denial of service. The SQL server is still running, accepting
new incoming connections. However, it does not respond to new login
requests, causing clients to wait indefinitely.
The remote password array is included in the TDS LOGINREC structure
and is of the format:
byte first server name length
byte first server name
byte first password length
byte first password
byte next server name length
byte total length of remote password array
By specifying invalid lengths, a heap overflow can be triggered.
Preliminary investigation does not show that this can be exploited
to execute arbitrary code.
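
The length checks a parser needs for the array layout listed above, as an added example (not code from this advisory or from Sybase). The function names, the 255-byte field capacity and the 16-pair cap are assumptions, and the total length byte is passed in as a separate argument.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RPW_FIELD_MAX 255 /* assumed field capacity; not stated in the advisory */
#define RPW_MAX_PAIRS 16  /* arbitrary cap chosen for this example */

struct rpw_pair {
    const uint8_t *server;   size_t server_len;
    const uint8_t *password; size_t password_len;
};

/* Walk the array; return the number of pairs, or -1 on any inconsistent length. */
int rpw_parse(const uint8_t *field, size_t field_size, size_t total_len,
              struct rpw_pair *out, size_t out_cap)
{
    size_t pos = 0, n = 0;
    if (!field || !out || total_len > field_size || total_len > RPW_FIELD_MAX)
        return -1;
    while (pos < total_len) {
        if (n >= out_cap) return -1;
        size_t slen = field[pos++];
        if (slen > total_len - pos) return -1;      /* name overruns the array */
        out[n].server = field + pos; out[n].server_len = slen;
        pos += slen;
        if (pos >= total_len) return -1;            /* password length byte missing */
        size_t plen = field[pos++];
        if (plen > total_len - pos) return -1;      /* password overruns the array */
        out[n].password = field + pos; out[n].password_len = plen;
        pos += plen;
        n++;
    }
    return (int)n;
}

/* Convenience wrapper: validate only, discarding the parsed pairs. */
int rpw_check(const uint8_t *field, size_t field_size, size_t total_len)
{
    struct rpw_pair pairs[RPW_MAX_PAIRS];
    return rpw_parse(field, field_size, total_len, pairs, RPW_MAX_PAIRS);
}

/* Constructed samples: one well-formed pair, and one with an oversized length. */
static const uint8_t rpw_good[] = { 3, 's', 'r', 'v', 2, 'p', 'w' };
static const uint8_t rpw_bad[]  = { 3, 's', 'r', 'v', 200, 'p', 'w' };

int main(void)
{
    printf("good: %d\n", rpw_check(rpw_good, sizeof rpw_good, 7));
    printf("bad:  %d\n", rpw_check(rpw_bad, sizeof rpw_bad, 7));
    return 0;
}
```

Every length byte is compared against the bytes remaining in the declared total before any pointer is formed, so no copy can be sized from an unchecked attacker-supplied value.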