Sybase Fixes Database Holes

Tuesday, January 15, 2013 @ 05:01 PM gHale


Sybase patched holes in its Adaptive Server Enterprise (ASE) product, fixing database vulnerabilities that could allow a hacker to execute code and bypass security parameters on the company’s main database server product.

As they’ve done before, the enterprise software and services company worked with researchers from TeamSHATTER, the research and development arm of AppSec, a New York City-based database security firm, to address the issues. This time around the vulnerabilities came to light via the company’s Technical Leads, Esteban Martinez Fayo and Martin Rakhmanov.

Sybase issued the nine patches for the product on Wednesday via an urgent customer notice.

Some of the vulnerabilities in ASE could have allowed a user to “acquire the server’s ‘SA’ password,” circumvent Java security, execute arbitrary code, launch denial of service (DoS) attacks and perform SQL injections. The update affects three builds of ASE: 15, 15.5 and 15.7.

“Sybase has worked diligently to fix security flaws in the ASE line, and customers should immediately deploy these patches to ensure systems are not left open to attack,” said Alex Rothacker, director of security research, AppSecInc’s TeamSHATTER.


