Urgent from Sybase: Possible security vulnerability in Open Server 15.5 and earlier.

This also affects EAServer, RAP – The Trading Edition, ECDA, MFC/DC, Replication Server, OpenSwitch and ASE.

Summary: This notification describes a situation where Open Server 15.5 and earlier versions exhibit possible security vulnerabilities as described below. These vulnerabilities are resolved by applying an EBF. Sybase recommends that customers update their installations as soon as possible. The EBFs are available from the EBFs Download Area of the Sybase website. This also affects those products that include Open Server: Adaptive Server Enterprise (ASE), Replication Server, ECDA, MFC/DC, RAP – The Trading Edition, OpenSwitch and EAServer.


Contents

This document contains the following sections:

  • Customer Alert
  • Recommendation

Customer Alert

Sybase is making this announcement proactively. These issues were reported to us by The Zero Day Initiative (ZDI), founded by TippingPoint. There have been no reported exploits of this vulnerability, and to date it has not been reported by a Sybase customer. Sybase, Inc. appreciates the efforts of ZDI to continually strengthen software throughout the industry by monitoring and testing. Specific credit for identifying these issues goes to Luigi Auriemma.

Recommendations

Corrective Action

Update to the latest EBFs for applicable versions as detailed in tables below.

Fixed Versions

The CRs below are resolved in Open Server 15.5 ESD# 9. For those products that are affected because they include Open Server, please see the table of affected versions below.

Tracking

Sybase is tracking these issues under the following CR#s:

  • 657181 - Malformed TDS vulnerability
  • 661694 - Login packet vulnerability

These CRs are fixed in the following EBFs according to the affected product.

NOTE: Within the ASE Bundle, only the supplemental servers are affected, that is, Backup Server, Monitor Server, Historical Server, XP Server, and Job Scheduler. The ASE Server itself is not affected by this issue.

Affected Products & Versions

| Product | Version | Platforms | Notes |
|---|---|---|---|
| Adaptive Server Enterprise (ASE) | 15.0.3 ESD#4 ONE-Off | All currently available platforms. | Available for Localized Versions. |
| Adaptive Server Enterprise (ASE) | 15.0.3 CE ONE-Off | SunSPARC 64, Linux x86-64, HP IA 64, IBM AIX 64 | Available for Localized Versions. |
| Adaptive Server Enterprise (ASE) | 15.5 ESD#4 | All currently available platforms. | Available for Localized Versions. |
| Adaptive Server Enterprise (ASE) | 15.5 CE ESD#4 | All currently available platforms. | Available for Localized Versions. |
| Replication Server | 15.1 ESD#2 ONE-Off | All currently available platforms. | |
| Replication Server | 15.2 ESD#3 ONE-Off | All currently available platforms. | Available for Localized Versions. |
| Replication Server | 15.5 ESD#1 ONE-Off | All currently available platforms. | |
| Replication Server | 15.6 ESD#1 | All currently available platforms. | |
| ECDA | 15.0 ESD#6 | All currently available platforms. | |
| MFC/DC | 15.0 ESD#6 | All currently available platforms. | |
| RAP – The Trading Edition | R4.1 | All currently available platforms. | Available for Localized Versions. RAP customers will only need to install the applicable ASE ESD if they are using Monitor Server or Backup Server. |
| OpenSwitch | 15.1 ESD#5 | All currently available platforms. | OpenSwitch used OCS 15.5 ESD#7 ONE-OFF which includes fixes for these issues. |
| EAServer | Update to 6.3.1 ESD#3 | All currently available platforms. | |

NOTE: The set of tables below gives the EBF numbers per product and version.

Open Server 15.5 ESD# 9 EBF#s

Platform EBF#
Sun Solaris SPARC 32-bit 18618
Sun Solaris SPARC 64-bit 18620
Linux x86 32-bit 18622
Linux x86-64 64-bit 18624
HP-UX PA-RISC 32-bit 18626
HP-UX PA-RISC 64-bit 18628
IBM AIX 32-bit 18630
IBM AIX 64-bit 18632
Windows x86 32-bit 18634
Linux on POWER 32-bit 18636
Linux on POWER 64-bit 18638
HP-UX Itanium 32-bit 18640
Sun Solaris x86 32-bit 18642
Sun Solaris x64 64-bit 18644
HP-UX Itanium 64-bit 18646
Windows x64 64-bit 18648

ASE 15.0.3 ESD# 4 ONE-OFF EBF#s

Platform EBF#
Sun Solaris SPARC 64-bit 18839
Linux x86-64 64-bit 18840
Windows x86 32-bit 18841
HP-UX Itanium 64-bit 18842
HP-UX PA-RISC 64-bit 18843
Linux on POWER 64-bit 18844
IBM AIX 64-bit 18845
Linux x86 32-bit 18846
Sun Solaris SPARC 32-bit 18847
Windows x64 64-bit 18848
Sun Solaris x64 64-bit 18849

ASE 15.0.3 CE ONE-OFF EBF#s

Platform EBF#
SunSPARC 64 19178
Linux x86-64 19179
HP Itanium 64 19181
IBM AIX 64 19180

ASE 15.5 ESD# 4 EBF#s

Platform EBF#
HP-UX Itanium 64-bit 18659
HP-UX PA-RISC 64-bit 18652
IBM AIX 64-bit 18658
Linux on POWER 64-bit 18653
Linux x86 32-bit 18656
Linux x86-64 64-bit 18661
Sun Solaris SPARC 64-bit 18657
Sun Solaris SPARC 32-bit 18651
Sun Solaris x64 64-bit 18660
Windows x64 64-bit 18655
Windows x86 32-bit 18654

ASE 15.5 CE ESD# 4 EBF#s

Platform EBF#
HP-UX Itanium 64-bit 18665
IBM AIX 64-bit 18664
Linux x86-64 64-bit 18663
Sun Solaris SPARC 64-bit 18662
Sun Solaris x64 64-bit 18666

Replication Server 15.1 ESD# 2 ONE-OFF EBF#s

Platform EBF#
HP-UX PA-RISC 32-bit 19260
HP-UX Itanium 32-bit 19261
Linux x86 32-bit 19262
Windows X86 32-bit 19263
IBM AIX 32-bit 19264
Sun Solaris SPARC 32-bit 19265
Sun Solaris x64 32-bit 19266
Linux on POWER 64-bit 19267

Replication Server 15.2 ESD# 3 ONE-OFF EBF#s

Platform EBF#
HP-UX Itanium 64-bit 19240
Linux on POWER 64-bit 19241
Linux x86 32-bit 19242
Windows X86 32-bit 19243
IBM AIX 64-bit 19244
Sun Solaris SPARC 64-bit 19245
Sun Solaris x64 64-bit 19246

Replication Server 15.5 ESD# 1 ONE-OFF EBF#s

Platform EBF#
Sun Solaris SPARC 64-bit 19218
Sun Solaris x64 64-bit 19219
HP-UX Itanium 64-bit 19220
Windows X86 32-bit 19221
Windows X64 64-bit 19222
Linux x86 32-bit 19223
Linux x86-64 64-bit 19224
IBM AIX 64-bit 19225
Linux on POWER 64-bit 19226

Replication Server 15.6 ESD# 1 EBF#s

Platform EBF#
Sun Solaris SPARC 64-bit 18540
Sun Solaris x64 64-bit 18541
HP-UX Itanium 64-bit 18542
Windows X86 32-bit 18543
Windows X64 64-bit 18544
Linux x86 32-bit 18545
Linux x86-64 64-bit 18546
IBM AIX 64-bit 18547
Linux on POWER 64-bit 18548

ECDA 15.0 ESD# 6 EBF#s

Platform EBF#
Windows x86 19094
IBM AIX 19095
HP-UX PA-RISC 19096
HP-UX Itanium 19097
Linux x86 19098
Sun Solaris SPARC 19099

MFC/DC 15.0 ESD# 6 EBF#s

Platform EBF#
Windows x86 19100
IBM AIX 19101
HP-UX PA-RISC 19102
HP-UX Itanium 19103
Linux x86 19104
Sun Solaris SPARC 19105

OpenSwitch 15.1 ESD# 5 EBF#s

Platform EBF#
Sun Solaris SPARC 32-bit 19019
IBM AIX 32-bit 19020
HP-UX PA-RISC 32-bit 19021
Windows x86 32-bit 19022
Linux x86 32-bit 19023
Linux on POWER 32-bit 19024

EAServer 6.3.1 ESD# 3 EBF#s

Platform EBF#
Windows x86 32-bit 19113
Sun Solaris SPARC 32-bit 19114
Linux x86 32-bit 19115
HP-UX Itanium 32-bit 19116
IBM AIX 32-bit 19117

Downloads

EBFs are obtained from the Sybase EBFs and Maintenance site.

http://downloads.sybase.com/

Follow the instructions in the EBF cover letter to install the EBF.


If you require further assistance, please contact your local support center. The contact numbers can be found in the About Support section under Support & Services on the www.sybase.com website.

http://www.sybase.com/contactus/support


Copyright © 2011 Sybase, Inc. All rights reserved.
