Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Multiple vulnerabilities in solidDB 06.00.1018

from [Luigi Auriemma] Network Security [Permanent Link]
Subject: [Full-disclosure] Multiple vulnerabilities in solidDB 06.00.1018
Date: Wed, 26 Mar 2008 21:29:48 +0100 

#######################################################################

                             Luigi Auriemma

Application:  IBM solidDB
              
http://www.solidtech.com/en/products/relationaldatabasemanagementsoftware/embed.asp
Versions:     <= 06.00.1018
Platforms:    Windows (tested), Solaris, AIX, HP-UX and Linux
Bugs:         A] format string in logging function
              B] crash caused by arbitrary array index
              C] NULL pointer
              D] server termination through allocation error
Exploitation: remote
Date:         26 Mar 2008
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bugs
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============



From vendor's website:

"solidDB 6 is a relational database designed for fast, always-on access
to data under high throughput conditions, to satisfy the real-time
demands of communications platforms and applications. It includes both
in-memory and on-disk engines, accessed by a single SQL interface."

This engine, originally developed by solid and now maintained by IBM,
is also used in the products of various vendors.


#######################################################################

=======
2) Bugs
=======

------------------------------------
A] format string in logging function
------------------------------------

The logging function used for keeping tracks of the various errors and
operations (like wrong logins) is affected by a format string
vulnerability exploitable for example using a malformed user or peer
name.


----------------------------------------
B] crash caused by arbitrary array index
----------------------------------------

A 32 bit number provided by the client is used on the server as an
index for reading some values in an array, a too big number can be used
to crash the server due to the access to invalid memory.


---------------
C] NULL pointer
---------------

A NULL pointer vulnerability can be exploited through the sending of a
specific type of packet.


----------------------------------------------
D] server termination through allocation error
----------------------------------------------

A malformed packet can be used to terminate the server with the error
message "Out of central memory" caused by the impossibility of
allocating a certain amount of memory.


#######################################################################

===========
3) The Code
===========


http://aluigi.org/poc/soliduro.zip


#######################################################################

======
4) Fix
======


No fix


#######################################################################


--- 
Luigi Auriemma
http://aluigi.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Multiple vulnerabilities in solidDB 06.00.1018, Luigi Auriemma <=
Previous by Date:  Re: hacking the mitsubishi GB-50A, Chris Withers
Next by Date:  [ MDVSA-2008:076 ] - Updated wml packages fix symlink vulnerabilities, security
Previous by Thread:  Invision Power Board <=2.3.x iFrame Vuln, shaheemirza
Next by Thread:  [ MDVSA-2008:076 ] - Updated wml packages fix symlink vulnerabilities, security
Indexes:  [Date] [Thread] [Top] [All Lists]