Release date:
Updated on:
Affected Systems:
Sybase OneBridge Mobile Data Suite
Description:
--------------------------------------------------------------------------------
Cve id: CVE-2011-2475
Sybase OneBridge Mobile Data Suite is a flexible Mobile solution that helps enterprises expand applications to front-line employees on a variety of Mobile devices.
Sybase OneBridge Mobile Data Suite has the format string Remote Code Execution Vulnerability. Remote attackers can exploit this vulnerability to execute arbitrary code in server processes.
This vulnerability is caused by listening to the iMailGatewayService server process (ECTrace. dll) of encrypted requests on TCP port 993 (IMAP) and Port 587 (SMTP) by default. The process did not properly filter malformed user string input until it was transferred to the authentication login function.
<* Source: Luigi Auriemma (aluigi@pivx.com)
Link: http://zerodayinitiative.com/advisories/ZDI-11-171/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Sybase
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.sybase.com/detail? Id = 1092074