Advisory Details

December 9th, 2014

SAP SQL Anywhere .NET Data Provider Malformed Integer Stack Buffer Overflow Code Execution Vulnerability

ZDI-14-415
ZDI-CAN-2349

CVE ID: CVE-2014-9264
CVSS SCORE: 9.5, AV:U/AC:L/Au:U/C:P/I:P/A:P
AFFECTED VENDORS: SAP
AFFECTED PRODUCTS: SQL Anywhere
VULNERABILITY DETAILS


This vulnerability allows attackers to execute arbitrary code in applications that pass user-provided data to the vulnerable API in SAP SQL Anywhere.

The specific flaw exists within the handling of a malformed integer constant. If an application allows untrusted input to be used in a query, even if the input is correctly filtered against SQL injection, an attacker could overflow a fixed-size stack buffer and execute arbitrary code in the context of the application.
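
An application-side guard for the case described above, as an added example that is not from the advisory or from SAP: text can pass an injection filter without being a valid integer, so the guard parses it and forwards only the canonical 32-bit rendering to the query layer. The class, method names, filter pattern and sample inputs are hypothetical and constructed for illustration.

```csharp
using System;
using System.Globalization;
using System.Text.RegularExpressions;

static class IntegerInputGuard
{
    // Hypothetical injection filter: rejects quotes, statement separators and
    // comment markers. It does not check that the text is a valid integer.
    static readonly Regex InjectionChars =
        new Regex(@"['"";]|--|/\*", RegexOptions.CultureInvariant);

    public static bool PassesInjectionFilter(string input) =>
        input != null && !InjectionChars.IsMatch(input);

    // Strict guard: accept only text that parses as a 32-bit integer and hand back
    // the canonical rendering, so the caller never forwards the original text.
    public static bool TryCanonicalInt32(string input, out string canonical)
    {
        canonical = null;
        // "-2147483648" is the longest valid rendering: 11 characters.
        if (input == null || input.Length > 11) return false;
        if (!int.TryParse(input, NumberStyles.AllowLeadingSign,
                          CultureInfo.InvariantCulture, out int value)) return false;
        canonical = value.ToString(CultureInfo.InvariantCulture);
        return true;
    }

    static void Main()
    {
        // Constructed inputs; the advisory does not publish the malformed form.
        string[] samples = { "42", "-7", "+15", "99999999999999999999",
                             "1e400", "0x7fffffff", "12 34" };
        foreach (string s in samples)
        {
            bool filtered = PassesInjectionFilter(s);
            bool ok = TryCanonicalInt32(s, out string canon);
            string result = ok ? canon : "rejected";
            Console.WriteLine($"{s,-22} injection-filter={filtered,-5} strict-int={ok,-5} -> {result}");
        }
    }
}
```

Every sample passes the injection filter, but only the first three survive strict parsing, and those reach the query as `42`, `-7` and `15`.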

ADDITIONAL DETAILS


SAP released Security Note 2057277 (http://scn.sap.com/docs/DOC-8218) to address this issue.


DISCLOSURE TIMELINE
  • 2014-04-06 - Vulnerability reported to vendor
  • 2014-12-09 - Coordinated public release of advisory
CREDIT: John Leitch