Bug 1549636 (CVE-2018-7485)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | CVE-2018-7485 unixODBC: Insecure buffer copy in SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c | | |
| Product | [Other] Security Response | Reporter | Pedro Sampaio <psampaio> |
| Component | vulnerability | Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA | QA Contact | |
| Severity | medium | Docs Contact | |
| Priority | medium | | |
| Version | unspecified | CC | alanm, databases-maint, hhorak, jstanek, mschorm, odubaj, praiskup, tgl, tomm.momi, tvainio, yozone |
| Target Milestone | --- | Keywords | Security |
| Target Release | --- | | |
| Hardware | All | | |
| OS | Linux | | |
| Whiteboard | | | |
| Fixed In Version | unixODBC 2.3.6pre | Doc Type | If docs needed, set a value |
| Doc Text | An argument order confusion flaw was found in the SQLWriteFileDSN API of unixODBC. This could only be exploited via a malicious ODBC database connector package with the maximum impact being a denial of service. | | |
| Story Points | --- | | |
| Clone Of | | Environment | |
| Last Closed | 2019-08-06 19:18:27 UTC | Type | --- |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
| Bug Depends On | 1549637, 1571530, 1571531, 1571532, 1891969 | | |
| Bug Blocks | 1548307 | | |
Description

Pedro Sampaio 2018-02-27 14:36:51 UTC

Created unixODBC tracking bugs for this issue:

Affects: fedora-all [bug 1549637]

Analysis:

This flaw is essentially an argument order confusion in the SQLWriteFileDSN API. It can only be exploited via a malicious ODBC database connector package and can possibly cause a Denial of Service only. We believe that arbitrary code execution is not possible, therefore this flaw has been rated as having Moderate security impact.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2019:2336 https://access.redhat.com/errata/RHSA-2019:2336

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-7485

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2020:4999 https://access.redhat.com/errata/RHSA-2020:4999
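The analysis above names the flaw class (an argument order confusion in a bounded buffer copy) without showing code. The following is an added illustration of that class and of a mitigation pattern; it is not the unixODBC SQLWriteFileDSN code or the fix from the referenced errata, and every function, type and buffer name in it (`copy_bounded`, `confused_call`, `dst_buf`, `copy_typed`, the sample DSN strings) is hypothetical. It shows why swapping two `char *` arguments compiles cleanly, why the result is at best a clobbered input and at worst an out-of-bounds write (a crash, matching the denial-of-service rating), and how giving the destination a distinct struct type turns the same mistake into a compile-time error.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded copy helper (not unixODBC code). Its parameter order,
 * (dst, dst_size, src), is the kind that is easy to confuse at a call site.
 * Returns the number of bytes copied, excluding the terminator. */
static size_t copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);
    if (dst_size == 0)
        return 0;
    if (n >= dst_size)
        n = dst_size - 1;          /* truncate instead of overflowing dst */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Call site with the arguments confused: dst and src are both char *, so the
 * compiler accepts it. The size passed is the OUT buffer's size, but the write
 * lands in the INPUT buffer; if that size exceeds the input buffer's real
 * length the copy runs past it (a crash, i.e. denial of service), and even
 * when it fits, the input is clobbered and the output is never written. */
static void confused_call(char *input_name, char *out, size_t out_size)
{
    copy_bounded(input_name, out_size, out);   /* BUG: dst and src swapped */
}

/* Mitigation: give the destination a distinct type. Passing the plain
 * const char * input where a dst_buf is expected is a compile-time error,
 * so the two arguments can no longer silently trade places. */
typedef struct {
    char *data;
    size_t cap;
} dst_buf;

static size_t copy_typed(dst_buf dst, const char *src)
{
    return copy_bounded(dst.data, dst.cap, src);
}

/* Demo with constructed values: returns 1 if the confused call left `out`
 * unchanged and overwrote the input instead. */
static int demo_confused_call(void)
{
    char input_name[16] = "MyDSN";   /* constructed sample DSN name */
    char out[16] = "stale";          /* constructed stale output buffer */
    confused_call(input_name, out, sizeof out);
    return strcmp(input_name, "stale") == 0 && strcmp(out, "stale") == 0;
}

/* Demo with constructed values: the typed copy writes into `out` and
 * truncates safely when the destination is too small. Returns 1 on success. */
static int demo_typed_call(void)
{
    char input_name[16] = "MyDSN";
    char out[4] = "";
    size_t n = copy_typed((dst_buf){ out, sizeof out }, input_name);
    return n == 3 && strcmp(out, "MyD") == 0;
}

int main(void)
{
    printf("confused call clobbered input: %s\n", demo_confused_call() ? "yes" : "no");
    printf("typed call copied correctly:   %s\n", demo_typed_call() ? "yes" : "no");
    return 0;
}
```

The typed wrapper does not make the copy itself safer than `copy_bounded` already is; its value is that a caller who writes `copy_typed(input_name, (dst_buf){ out, sizeof out })` gets a compiler error instead of a silent swap, which is the cheapest place to catch this flaw class.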