Date: Tue, 29 May 2012 09:42:42 -0300
From: Felipe Pena <>
Subject: CVE id request: Multiple buffer overflow in unixODBC

Hi, please assign a CVE id for the issue:

Multiple buffer overflow in unixODBC

The unixODBC library doesn't properly check the input from the FILEDSN= and
DRIVER= options in the DSN, which causes a buffer overflow when it is passed
to the SQLDriverConnect() function.

The unixODBC maintainer has been notified about the issue.

Versions affected

FILEDSN= as of 2.0.10
DRIVER= as of 2.3.1


$ ./poc "FILEDSN=$(python -c "print 'A'*10000")"
Segmentation fault

(gdb) bt
#0  0x00007ffff7bc8c81 in SQLReadFileDSN (pszFileName=<value optimized out>, pszAppName=<value optimized out>, pszKeyName=<value optimized out>,
    pszString=<value optimized out>, nString=<value optimized out>, pnString=<value optimized out>) at SQLReadFileDSN.c:207
#1  0x4141414141414141 in ?? ()


This bug was discovered by Felipe Pena.
BugSec Team -
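
The missing check described in the report, shown as an added example that is not part of the original post and is not unixODBC's code: a bounded extraction of one attribute value from a "KEY=value;KEY=value" connection string that rejects an oversized value instead of copying it. The names get_attr, key_eq and ATTR_MAX and the 256-byte buffer size are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ATTR_MAX 256  /* assumed fixed buffer size, not unixODBC's actual value */

/* Case-insensitive match of key against the first n bytes of s. */
static int key_eq(const char *s, size_t n, const char *key)
{
    if (strlen(key) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)key[i]))
            return 0;
    return 1;
}

/* Copy the value of `key` from "K1=v1;K2=v2" into out[outlen].
 * Returns 0 on success, -1 if the key is absent, -2 if the value does not
 * fit (rejected, not truncated; nothing is written past out[outlen-1]). */
int get_attr(const char *conn, const char *key, char *out, size_t outlen)
{
    if (!conn || !key || !out || outlen == 0) return -1;
    out[0] = '\0';
    while (*conn) {
        const char *end = strchr(conn, ';');
        size_t seglen = end ? (size_t)(end - conn) : strlen(conn);
        const char *eq = memchr(conn, '=', seglen);
        if (eq && key_eq(conn, (size_t)(eq - conn), key)) {
            size_t vlen = seglen - (size_t)(eq - conn) - 1;
            if (vlen >= outlen) return -2;  /* length check before the copy */
            memcpy(out, eq + 1, vlen);
            out[vlen] = '\0';
            return 0;
        }
        conn += seglen;
        if (*conn == ';') conn++;
    }
    return -1;
}

int main(void)
{
    char buf[ATTR_MAX], big[10000 + 9] = "FILEDSN=";
    memset(big + 8, 'A', 10000);            /* constructed oversized value */
    printf("%d\n", get_attr("DRIVER=x;FILEDSN=/etc/a.dsn", "filedsn", buf, sizeof buf));
    printf("%d\n", get_attr(big, "FILEDSN", buf, sizeof buf));
    return 0;
}
```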
