Sybase M-Business Anywhere (AvantGo) gsoap Module password Tag Handling Overflow

critical Nessus Plugin ID 54618

Synopsis

The remote SOAP server is vulnerable to a buffer overflow attack.

Description

The Sybase M-Business Anywhere (AvantGo) software installed on the remote host includes a SOAP server that fails to validate an XML end tag in a SOAP request, resulting in a buffer overflow.

An unauthenticated, remote attacker can exploit this to execute arbitrary code. This plugin checks the heap overflow condition in the SOAP server by submitting a request with a long XML end tag.

Solution

Apply the appropriate patch from Sybase.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-11-154/

https://seclists.org/bugtraq/2011/May/71

http://www.sybase.com/detail?id=1093029

https://www.zerodayinitiative.com/advisories/ZDI-11-155/

https://www.zerodayinitiative.com/advisories/ZDI-11-156/

Plugin Details

Severity: Critical

ID: 54618

File Name: sybase_mbanywhere_buffer_overflow.nasl

Version: 1.10

Type: remote

Published: 5/23/2011

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Services/AvantGo-soap-server

Excluded KB Items: Settings/disable_cgi_scanning, global_settings/supplied_logins_only

Exploit Ease: No known exploits are available

Patch Publication Date: 5/9/2011

Vulnerability Publication Date: 5/9/2011

Reference Information

BID: 47775