CVE-2008-0912 – Sybase MobiLink 10.0.1.3629 - Multiple Heap Buffer Overflow Vulnerabilities

https://notcve.org/view.php?id=CVE-2008-0912

Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long (1) username, (2) version, or (3) remote ID. NOTE: some of these details are obtained from third party information. Múltiples desbordamientos de búfer basados en montículo en mlsrv10.exe de Sybase MobiLink 10.0.1.3629 y anteriores, del modo que se usa en SQL Anywhere Developer Edition 10.0.1.3415 y probablemente otros productos, permiten a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída del demonio) a través de 1) nombre de usuario, (2) versión o (3) ID remota largos. NOTA: algunos de estos detalles se han obtenido de información de terceros. • https://www.exploit-db.com/exploits/31271 http://aluigi.altervista.org/adv/mobilinkhof-adv.txt http://secunia.com/advisories/29045 http://securityreason.com/securityalert/3691 http://www.securityfocus.com/archive/1/488409/100/0/threaded http://www.securityfocus.com/archive/1/490259/100/0/threaded http://www.securityfocus.com/bid/27914 http://www.securitytracker.com/id?1019469 http://www.vupen.com/english/advisories/2008/0626 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •