Description
Sybase EAServer is the leading solution for distributed and Web-enabled PowerBuilder applications. EAServer can be used to run multiple websites, portals or Web applications. It allows access from Web browsers and provides a development platform for enterprise Web services.
Sow Ching Shiong, an independent vulnerability researcher, has identified a Directory Traversal vulnerability in Sybase EAServer. This issue was discovered in a default installation of Sybase EAServer 6.3.1 Developer Edition running on Windows 2003 Server. Other earlier versions may also be affected.
Proof of concept
http://[target]:8000/images//.\..\.\..\.\..\.\..\.\..\.\..\.\..\.\..\boot.ini
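The request above mixes forward slashes, backslashes and `.\` segments, which is why a filter that only looks for the literal string `../` misses it. The following path canonicaliser is an added example written for this advisory, not vendor or iDefense code; it treats both separators the way a Windows file system does, decodes percent-escapes once (an assumption: real deployments may need to loop until stable), and flags any request whose resolved path climbs above the document root. The sample paths are constructed for the demonstration.

```python
import re
from urllib.parse import unquote

# Constructed sample request paths: one benign, the advisory's PoC shape,
# a percent-encoded backslash variant, and a '..' that stays inside the root.
SAMPLE_PATHS = [
    "/images/logo.png",
    "/images//.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\.\\..\\boot.ini",
    "/images/..%5c..%5cboot.ini",
    "/images/../styles/site.css",
]


def canonical_segments(raw_path):
    """Resolve a request path the way a Windows file system would.

    '/' and '\\' are both separators, '.' and empty segments are dropped,
    and '..' pops the previous segment. Returns (segments, escaped) where
    escaped is True if a '..' tried to climb above the document root.
    """
    path = unquote(raw_path)          # single decode; loop if double-encoding matters
    segments = []
    escaped = False
    for seg in re.split(r"[\\/]+", path):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            else:
                escaped = True        # climbed past the root
            continue
        segments.append(seg)
    return segments, escaped


def is_traversal(raw_path):
    """True when the canonical form of raw_path leaves the document root."""
    _, escaped = canonical_segments(raw_path)
    return escaped


def flagged_requests(paths):
    """Return the subset of paths a reverse proxy or WAF rule should reject."""
    return [p for p in paths if is_traversal(p)]


if __name__ == "__main__":
    for p in flagged_requests(SAMPLE_PATHS):
        print("traversal attempt:", p)
```

Only the resolved path matters for the decision: `/images/../styles/site.css` normalises to `styles/site.css` and is allowed, while the mixed-separator PoC and its `%5c` variant both resolve above the root and are rejected.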
Solution
Sybase has released patches which address this issue. Please see the references for more information.
References
Vendor URL: http://www.sybase.com/detail?id=1093216
iDefense: http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=912
Secunia: http://secunia.com/advisories/44666/
Disclosure Timeline
2011-01-25 - Vulnerability discovered.
2011-01-25 - Vulnerability reported to iDefense.
2011-03-29 - iDefense confirmed the vulnerability and contacted the vendor.
2011-05-23 - Patch released.
2011-05-25 - Advisory published by iDefense.