CVE-2008-0912: Buffer Overflow
First published: Fri Feb 22 2008(Updated: )
Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long (1) username, (2) version, or (3) remote ID. NOTE: some of these details are obtained from third party information.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sybase MobiLink | <=10.0.1.3629 | |
| SAP SQL Anywhere | =10.0.1.3415 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://aluigi.altervista.org/adv/mobilinkhof-adv.txt
- http://www.securityfocus.com/bid/27914
- http://secunia.com/advisories/29045
- http://www.securitytracker.com/id?1019469
- http://securityreason.com/securityalert/3691
- http://www.vupen.com/english/advisories/2008/0626
- http://www.securityfocus.com/archive/1/490259/100/0/threaded
- http://www.securityfocus.com/archive/1/488409/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-0912?
CVE-2008-0912 has a high severity rating due to its potential for remote code execution and denial of service.
How do I fix CVE-2008-0912?
To fix CVE-2008-0912, upgrade to Sybase MobiLink version 10.0.1.3630 or later.
What products are affected by CVE-2008-0912?
CVE-2008-0912 affects Sybase MobiLink versions up to 10.0.1.3629 and SQL Anywhere Developer Edition version 10.0.1.3415.
Can CVE-2008-0912 lead to data breaches?
Yes, CVE-2008-0912 can potentially lead to data breaches by allowing remote attackers to execute arbitrary code.
What type of attack does CVE-2008-0912 facilitate?
CVE-2008-0912 facilitates attacks through heap-based buffer overflows caused by excessively long usernames.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/sybase
- canonical/sybase mobilink
- version/sybase mobilink/10.0.1.3629
- canonical/sap sql anywhere
- version/sap sql anywhere/10.0.1.3415