Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19526
HistoryMar 27, 2008 - 12:00 a.m.

Multiple vulnerabilities in solidDB 06.00.1018

2008-03-2700:00:00
vulners.com
19
JSON

#######################################################################

                         Luigi Auriemma

Application: IBM solidDB

http://www.solidtech.com/en/products/relationaldatabasemanagementsoftware/embed.asp
Versions: <= 06.00.1018
Platforms: Windows (tested), Solaris, AIX, HP-UX and Linux
Bugs: A] format string in logging function
B] crash caused by arbitrary array index
C] NULL pointer
D] server termination through allocation error
Exploitation: remote
Date: 26 Mar 2008
Author: Luigi Auriemma
e-mail: [email protected]
web: aluigi.org

#######################################################################

1) Introduction
2) Bugs
3) The Code
4) Fix

#######################################################################

===============
1) Introduction

From vendor's website:
"solidDB 6 is a relational database designed for fast, always-on access
to data under high throughput conditions, to satisfy the real-time
demands of communications platforms and applications. It includes both
in-memory and on-disk engines, accessed by a single SQL interface."

This engine, originally developed by solid and now maintained by IBM,
is also used in the products of various vendors.

#######################################################################

=======
2) Bugs

A] format string in logging function

The logging function used for keeping tracks of the various errors and
operations (like wrong logins) is affected by a format string
vulnerability exploitable for example using a malformed user or peer
name.

B] crash caused by arbitrary array index

A 32 bit number provided by the client is used on the server as an
index for reading some values in an array, a too big number can be used
to crash the server due to the access to invalid memory.

C] NULL pointer

A NULL pointer vulnerability can be exploited through the sending of a
specific type of packet.

D] server termination through allocation error

A malformed packet can be used to terminate the server with the error
message "Out of central memory" caused by the impossibility of
allocating a certain amount of memory.

#######################################################################

===========
3) The Code

http://aluigi.org/poc/soliduro.zip

#######################################################################

======
4) Fix

No fix

#######################################################################

Luigi Auriemma
http://aluigi.org

JSON