Urgent from Sybase: Security Issues in ASE 12.5.3 and Earlier
Summary: Adaptive Server Enterprise 12.5.3 contains some security vulnerabilities that are resolved in Adaptive Server Enterprise 12.5.3 ESD#1. Sybase recommends that customers upgrade to Adaptive Server Enterprise 12.5.3 ESD#1 as soon as possible. These vulnerabilities also affect previous versions of Adaptive Server Enterprise. Please contact your local support centre for information relating to resolution of the security vulnerabilities on such previous versions.
This document contains the following sections:
- Customer Alert
Certain issues relating to buffer overflow and denial of service were identified in Adaptive Server Enterprise (ASE) 12.5.3 and previous versions. Sybase is making this announcement proactively. None of these issues have been reported to Sybase by customers or partners. Some of the issues were identified by NGS Software Ltd (UK), which, amongst other things, conducts research into vulnerabilities in enterprise-level software.
Please note that, to protect the security and integrity of existing operating environments, NGS Software Ltd (UK) has not published the details of the security vulnerabilities. However, if NGS Software Ltd (UK) follows its stated policy, it will publish details of the issues it identified on or after 21st March 2005. Sybase Inc. appreciates the efforts of NGS Software Ltd (UK) to continually strengthen software throughout the industry by monitoring and testing.
Sybase strongly recommends that all customers upgrade to ASE 12.5.3 ESD#1. This software can be obtained from the Sybase EBFs and Maintenance site.
Follow the instructions in the ESD coverletter to install the ESD.
If you require further assistance, please contact your local support centre.