Bug 684036 - (CVE-2011-1145) CVE-2011-1145 unixODBC: possible buffer overrun in SQLDriverConnect()
Product: Security Response
Classification: Other
Component: vulnerability
All Linux
low Severity low
Assigned To: Red Hat Product Security
: Security
Reported: 2011-03-10 17:55 EST by Vincent Danen
Modified: 2011-03-24 16:18 EDT
Doc Type: Bug Fix
Last Closed: 2011-03-24 16:18:16 EDT

Description Vincent Danen 2011-03-10 17:55:55 EST
It was reported [1] that a possible buffer overrun flaw exists in unixODBC's SQLDriverConnect() function.  A large value for the SAVEFILE parameter in the connection string could trigger this, resulting in a crash.  SecurityFocus claims this may also lead to the execution of arbitrary code as the user running the application using unixODBC [2].  This has been corrected upstream [3].


[1] http://seclists.org/oss-sec/2011/q1/446
[2] http://www.securityfocus.com/bid/46805/discuss
[3] http://unixodbc.svn.sourceforge.net/viewvc/unixodbc/trunk/DriverManager/SQLDriverConnect.c?r1=23&r2=27
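
The flaw class described in this report, as an added example that is not part of the bug report or of unixODBC's code: a bounds-checked copy of a connection-string attribute into a fixed stack buffer, rejecting an oversized SAVEFILE value instead of writing past the buffer. The function names, the `SAVEFILE_MAX` size and the sample connection strings are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

#define SAVEFILE_MAX 128  /* assumed buffer size, not taken from unixODBC */

/* Copy the value of attribute `key` from an ODBC-style connection string
 * ("KEY=value;KEY=value") into out[out_len].
 * Returns 0 on success, 1 if the key is absent, -1 if the value does not fit.
 * On any non-zero return, out holds an empty string. */
int conn_attr_copy(const char *conn, const char *key, char *out, size_t out_len)
{
    size_t klen = strlen(key);

    if (out_len == 0)
        return -1;
    out[0] = '\0';

    while (*conn) {
        const char *end = strchr(conn, ';');
        size_t seg = end ? (size_t)(end - conn) : strlen(conn);

        /* Attribute keywords are matched case-insensitively. */
        if (seg > klen && conn[klen] == '=' && strncasecmp(conn, key, klen) == 0) {
            size_t vlen = seg - klen - 1;
            if (vlen >= out_len)        /* no room for value plus NUL: reject */
                return -1;
            memcpy(out, conn + klen + 1, vlen);
            out[vlen] = '\0';
            return 0;
        }
        conn += seg;
        if (*conn == ';')
            conn++;
    }
    return 1;
}

/* Caller with a fixed stack buffer, the situation the report describes.
 * Returns 1 only when a SAVEFILE value is present and fits the buffer. */
int savefile_accepted(const char *conn)
{
    char savefile[SAVEFILE_MAX];
    return conn_attr_copy(conn, "SAVEFILE", savefile, sizeof savefile) == 0;
}
```
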
Comment 3 Josh Bressers 2011-03-11 14:33:53 EST
This is just a DoS for us on RHEL5+. It's a stack buffer that gets overflowed, which will be caught by stack protector. I would suggest we wontfix this on those platforms.

We should also probably wontfix this on RHEL4, it's certainly a low severity issue since you have to connect to a malicious server (which isn't very likely), and RHEL4 is near the end of its life. We have more important issues to invest our time in.
Comment 4 Vincent Danen 2011-03-24 16:18:16 EDT

The Red Hat Security Response Team has rated this issue as having low security impact. We do not currently plan to fix this flaw. If more information becomes available at a future date, we may revisit the issue.
