full-disclosure-uk February 2008 archive

[Full-disclosure] Heap overflow in Sybase MobiLink 10.0.1.3629

From: Luigi Auriemma <aluigi_at_nospam>
Date: Wed Feb 20 2008 - 21:26:19 GMT
To: bugtraq@securityfocus.com, news@securiteam.com, full-disclosure@lists.grok.org.uk, vuln@secunia.com, packet@packetstormsecurity.org

#######################################################################

                             Luigi Auriemma

Application:  Sybase MobiLink
              http://www.sybase.com/developer/mobile/sqlanywhere/mobilink
Versions:     <= 10.0.1.3629
Platforms:    Windows and Linux/Unix
Bug:          heap overflow
Exploitation: remote
Date:         20 Feb 2008
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################


1) Introduction

MobiLink is a centralized synchronization server for mobile platforms included in the Sybase SQL Anywhere package.

#######################################################################



2) Bug

The MobiLink server is affected by a heap overflow which happens during the handling of some strings like username, version and remote ID (all pre-auth) when they have a length greater than 128 bytes.

#######################################################################



3) The Code

http://aluigi.org/poc/mobilinkhof.zip

#######################################################################



4) Fix

No fix

#######################################################################

---
Luigi Auriemma
http://aluigi.org



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/