[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2012-2657

Date: (C)2012-08-31   (M)2017-08-29 


** DISPUTED ** Buffer overflow in the SQLDriverConnect function in unixODBC 2.0.10, 2.3.1, and earlier allows local users to cause a denial of service (crash) via a long string in the FILEDSN option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context.

CVSS Score: 2.1Access Vector: LOCAL
Exploit Score: 3.9Access Complexity: LOW
Impact Score: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: PARTIAL





Reference:
BID-53712
OSVDB-82460
http://www.openwall.com/lists/oss-security/2012/05/29/7
http://www.openwall.com/lists/oss-security/2012/05/29/10
http://www.openwall.com/lists/oss-security/2012/05/30/7
http://www.openwall.com/lists/oss-security/2012/05/31/2
http://www.openwall.com/lists/oss-security/2012/06/06/3
unixodbc-sdc-bo(75940)

CPE    3
cpe:/a:unixodbc:unixodbc:2.3.1
cpe:/a:unixodbc:unixodbc:2.3.0
cpe:/a:unixodbc:unixodbc:2.0.10
CWE    1
CWE-119

© 2013 SecPod Technologies