Sybase ASA Client Connection Broadcast Remote Information Disclosure

medium Nessus Plugin ID 25926
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote database server is affected by an information disclosure vulnerability.

Description

The remote Sybase SQL Anywhere / Adaptive Server Anywhere database is configured to listen for client connection broadcasts, which allows an attacker to see the name and port that the Sybase SQL Anywhere / Adaptive Server Anywhere server is running on.

Solution

Switch off broadcast listening via the '-sb' switch when starting Sybase.

See Also

http://www.sybase.com/products/databasemanagement/sqlanywhere

Plugin Details

Severity: Medium

ID: 25926

File Name: sybase_asa_ping.nasl

Version: Revision: 1.8

Type: remote

Family: Databases

Published: 8/22/2007

Updated: 12/1/2017

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:sybase:sql_anywhere