Urgent from Sybase: Security Issue in EAServer 5.2 - Addendum

Customer Alert

A variant of the previously identified buffer overflow vulnerability has been found in EAServer 5.2. Sybase is making this announcement proactively. This issue was reported to us by a company called Tenable Network Security. There have been no reported exploits of this vulnerability, and to date it has not been reported as an issue by a Sybase customer.

Tenable Network Security provides security management solutions for large and small networks and is sponsoring a open source internet vulnerability scanner project called Nessus. Sybase Inc. appreciates the efforts of Tenable Network Security to continually strengthen software throughout the industry by monitoring and testing.

This is considered a vulnerability with a high risk. To exploit this attack, the user does not need to be authenticated to WebConsole.

This issue is resolved by applying the appropriate EBF detailed in the original announcment.

Recommendation

Customers are strongly advised to immediately update their EAServer 5.2 installations with appropriate EBF detailed in the original announcment.