Vulnerability Name: CVE-2005-0441 (CCN-19354) Assigned: 2004-12-22 Published: 2004-12-22 Updated: 2017-07-11 Summary: Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticated users to execute arbitrary code via the (1) attrib_valid function, (2) covert function, (3) declare statement, or (4) a crafted query plan, or remote authenticated users with database owner or "sa" role privileges to execute arbitrary code via (5) a crafted install java statement. CVSS v3 Severity: 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): RequiredScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C 6.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-Other Vulnerability Consequences: Other References: Source: BUGTRAQ20041222 Sybase ASE 12.5.2 vulnerabilities Sybase ASE 12.5.2 vulnerabilities CVE-2005-0441 20050405 Sybase ASE Multiple Security Issues (#NISR05042005) Sybase ASE Multiple Vulnerabilities 13632 Sybase Adaptive Server Enterprise Has Three Unspecified High Risk Flaws Sybase ASE Multiple Security Issues http://www.ngssoftware.com/advisories/sybase-ase.txt Sybase ASE attrib_valid Function Overflow Sybase ASE xp_server Malformed Data DoS Sybase ASE convert Function Overflow Sybase ASE declare Statement Overflow Sybase ASE abstract plan Syntax Overflow 20050321 Details of Sybase ASE bugs withheld Details of Sybase ASE bugs withheld 12080 Sybase Adaptive Server Enterprise Multiple Unspecified Vulnerabilities Sybase Adaptive Server Enterprise Unspecified Vulnerability Sybase Adaptive Server Enterprise Attrib_Valid Remote Buffer Overflow Vulnerability Sybase Adaptive Server Enterprise Install Java Remote Buffer Overflow Vulnerability Sybase Adaptive Server Enterprise XP_Server Remote Denial Of Service Vulnerability Sybase Adaptive Server Enterprise Query Plan Buffer Overflow Vulnerability Sybase Adaptive Server Enterprise Convert Function Remote Buffer Overflow Vulnerability Sybase Adaptive Server Enterprise Declare Extension Remote Buffer Overflow Vulnerability http://www.sybase.com/detail/1,6904,1033894,00.html Sybase Inc - Urgent Customer Notification: Security Issues in ASE 12.5.3 and Earlier http://www.sybase.com/detail?id=1034520 http://www.sybase.com/detail?id=1034752 Adaptive Server Enterprise sybase-adaptive-multiple-bo(19354) sybase-adaptive-server(19354) sybase-ase-attribvalid-bo(19974) sybase-ase-convert-bo(19976) sybase-ase-declare-bo(19978) sybase-ase-abstract-bo(19979) sybase-ase-install-java-bo(19980) Vulnerable Configuration: Configuration 1 :cpe:/a:sybase:adaptive_server_enterprise:11.03.3:*:linux:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:11.5:*:digital_unix:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:11.5:*:hp:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:11.5:*:sun:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:11.5:*:win:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:11.5.1:*:digital_unix:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:11.5.1:*:hp:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:11.5.1:*:sun:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:11.5.1:*:win:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:11.9.2:*:digital_unix:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:11.9.2:*:hp:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:11.9.2:*:sun:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:11.9.2:*:win:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:12.0:*:digital_unix:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:12.0:*:hp:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:12.0:*:sun:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:12.0:*:win:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:12.0.1:*:digital_unix:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:12.0.1:*:hp:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:12.0.1:*:sun:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:12.0.1:*:win:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:12.5:*:digital_unix:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:12.5:*:hp:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:12.5:*:linux:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:12.5:*:sgi:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:12.5:*:sun:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:12.5:*:win:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:12.5.2:*:*:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:12.5.3:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:sybase:adaptive_server_enterprise:11.03.3:*:*:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:11.5:*:*:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:11.5.1:*:*:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:11.9.2:*:*:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:12.0:*:*:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:12.0.1:*:*:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:12.5:*:*:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:12.5.2:*:*:*:*:*:*:* OR cpe:/a:sybase:adaptive_server_enterprise:12.5.3:*:*:*:*:*:*:* BACK
sybase adaptive server enterprise 11.03.3
sybase adaptive server enterprise 11.5
sybase adaptive server enterprise 11.5
sybase adaptive server enterprise 11.5
sybase adaptive server enterprise 11.5
sybase adaptive server enterprise 11.5.1
sybase adaptive server enterprise 11.5.1
sybase adaptive server enterprise 11.5.1
sybase adaptive server enterprise 11.5.1
sybase adaptive server enterprise 11.9.2
sybase adaptive server enterprise 11.9.2
sybase adaptive server enterprise 11.9.2
sybase adaptive server enterprise 11.9.2
sybase adaptive server enterprise 12.0
sybase adaptive server enterprise 12.0
sybase adaptive server enterprise 12.0
sybase adaptive server enterprise 12.0
sybase adaptive server enterprise 12.0.1
sybase adaptive server enterprise 12.0.1
sybase adaptive server enterprise 12.0.1
sybase adaptive server enterprise 12.0.1
sybase adaptive server enterprise 12.5
sybase adaptive server enterprise 12.5
sybase adaptive server enterprise 12.5
sybase adaptive server enterprise 12.5
sybase adaptive server enterprise 12.5
sybase adaptive server enterprise 12.5
sybase adaptive server enterprise 12.5.2
sybase adaptive server enterprise 12.5.3
sybase adaptive server enterprise 11.03.3
sybase adaptive server enterprise 11.5
sybase adaptive server enterprise 11.5.1
sybase adaptive server enterprise 11.9.2
sybase adaptive server enterprise 12.0
sybase adaptive server enterprise 12.0.1
sybase adaptive server enterprise 12.5
sybase adaptive server enterprise 12.5.2
sybase adaptive server enterprise 12.5.3
Denotes that component is vulnerable