Security Update for Adaptive Server Enterprise (ASE)

Summary: This notification describes possible security issues in ASE, listed below. These issues are resolved by applying an ESD. Sybase recommends that customers update their installations as soon as possible. The ESDs are available from the EBFs Download Area of the Sybase website for all versions of ASE for which customers have a valid support contract.

Sybase is issuing this notification proactively. To date there have been no exploits reported by Sybase customers or others.

Recommendations

Corrective Action

Update to the latest ESDs for the applicable versions, as detailed in the tables below.

Tracking

Sybase is tracking these issues under the following CR#s:

CR#                           CVSS Base Score  CVSS Base Vector            Issue                             Affected Versions  SAP Note  Finder
CR729757, CR696708, CR723156  8.5              AV:N/AC:M/AU:S/C:C/I:C/A:C  Missing authorization check       All versions       1849356   Application Security, Inc
CR726532                      4.9              AV:L/AC:L/AU:N/C:C/I:N/A:N  Potential information disclosure  15.0.3 and later   1809246   Application Security, Inc
CR729766                      6.8              AV:N/AC:L/AU:S/C:C/I:N/A:N  Potential information disclosure  All versions       1887341   Positive Technologies
CR722777                      5.4              AV:N/AC:H/AU:N/C:N/I:N/A:C  Potential denial of service       All versions       1887342   Application Security, Inc
CR731758                      8.5              AV:N/AC:M/AU:S/C:C/I:C/A:C  Elevation of privileges           15.0.3 and later   1893440   Application Security, Inc
CR726352                      6.1              AV:N/AC:H/AU:S/C:C/I:P/A:P  Directory traversal               15.0.3 and later   1893556   Application Security, Inc
CR732989                      8.7              AV:N/AC:L/AU:S/C:C/I:P/A:C  Potential remote code execution   15.0.3 and later   1893558   Application Security, Inc
CR736689                      9.0              AV:N/AC:L/AU:S/C:C/I:C/A:C  Potential remote code execution   All versions       1893560   Application Security, Inc
CR726934                      6.3              AV:N/AC:M/AU:S/C:N/I:N/A:C  Potential denial of service       15.7 and later     1893561   Application Security, Inc
CR737762                      7.2              AV:L/AC:L/AU:N/C:C/I:C/A:C  Potential information disclosure  All versions       1893562   Shenzhew Huawei Technology

Fixed Versions

Product   Version         Notes
ASE 15.7  15.7 SP100      EBF can be used for localized versions
ASE 15.7  15.7 SP50       EBF can be used for localized versions
ASE 15.5  15.5 ESD#5.3    EBF can be used for localized versions
ASE 15.0.3  15.0.3 ESD#4.3  EBF can be used for localized versions

Downloads

EBFs are obtained from the Sybase EBFs and Maintenance site.

http://downloads.sybase.com/

Follow the instructions in the EBF cover letter to install the EBF.


If you require further assistance, please contact your local support center. The contact numbers can be found in the About Support section under Support & Services on the www.sybase.com website.

http://www.sybase.com/contactus/support

Acknowledgement

These issues were reported to Sybase by security researchers Martin Rakhmanov and Vladimir Zakharevich from Application Security, Inc; Yury Maryshev from Positive Technologies; and Shenzhew Huawei Technology Company. Sybase appreciates the efforts of these researchers to continually strengthen software security throughout the industry by monitoring and testing.


Copyright © 2013 Sybase, Inc. All rights reserved.


