Bug 684036 (CVE-2011-1145) - CVE-2011-1145 unixODBC: possible buffer overrun in SQLDriverConnect()
Summary: CVE-2011-1145 unixODBC: possible buffer overrun in SQLDriverConnect()
Alias: CVE-2011-1145
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On:
Reported: 2011-03-10 22:55 UTC by Vincent Danen
Modified: 2021-02-24 16:20 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-03-24 20:18:16 UTC

Description Vincent Danen 2011-03-10 22:55:55 UTC
It was reported [1] that a possible buffer overrun flaw exists in unixODBC's SQLDriverConnect() function.  A large value for the SAVEFILE parameter in the connection string could trigger this, resulting in a crash.  SecurityFocus claims this may also lead to the execution of arbitrary code as the user running the application using unixODBC [2].  This has been corrected upstream [3].


[1] http://seclists.org/oss-sec/2011/q1/446
[2] http://www.securityfocus.com/bid/46805/discuss
[3] http://unixodbc.svn.sourceforge.net/viewvc/unixodbc/trunk/DriverManager/SQLDriverConnect.c?r1=23&r2=27

Comment 3 Josh Bressers 2011-03-11 19:33:53 UTC
This is just a DoS for us on RHEL5+. It's a stack buffer that gets overflowed, which will be caught by stack protector. I would suggest we wontfix this on those platforms.

We should also probably wontfix this on RHEL4, it's certainly a low severity issue since you have to connect to a malicious server (which isn't very likely), and RHEL4 is near the end of its life. We have more important issues to invest our time in.
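
The pattern discussed in this report (an oversized SAVEFILE value from the connection string landing in a fixed-size stack buffer), shown with a length check that rejects the value instead of copying it. This is an added example, not unixODBC's code and not part of the original bug comments; `get_conn_attr`, `check_savefile`, `check_savefile_len` and the 256-byte `SAVEFILE_MAX` are hypothetical, and brace-quoted values are not handled.

```c
#include <stdlib.h>
#include <string.h>
#include <strings.h>

#define SAVEFILE_MAX 256 /* assumed buffer size; not taken from unixODBC */
/* Hypothetical helper: copy the value of `key` from "KEY=value;KEY=value"
 * into out[out_len]. Returns 0 on success, -1 if the key is absent, -2 if
 * the value does not fit (what an unchecked copy turns into an overrun). */
int get_conn_attr(const char *conn, const char *key, char *out, size_t out_len)
{
    size_t klen = strlen(key);
    for (const char *p = conn; *p; ) {
        const char *end = strchr(p, ';');
        size_t seg = end ? (size_t)(end - p) : strlen(p);
        if (seg > klen && p[klen] == '=' && strncasecmp(p, key, klen) == 0) {
            size_t vlen = seg - klen - 1;
            if (vlen >= out_len)
                return -2; /* reject rather than truncate or overflow */
            memcpy(out, p + klen + 1, vlen);
            out[vlen] = '\0';
            return 0;
        }
        p = end ? end + 1 : p + seg; /* next segment, or stop at the NUL */
    }
    return -1;
}

/* Look up SAVEFILE using a fixed-size stack buffer and report the status. */
int check_savefile(const char *conn)
{
    char savefile[SAVEFILE_MAX];
    return get_conn_attr(conn, "SAVEFILE", savefile, sizeof savefile);
}

/* Constructed input: a connection string whose SAVEFILE value is n bytes. */
int check_savefile_len(size_t n)
{
    const char prefix[] = "DSN=x;SAVEFILE=";
    size_t plen = sizeof prefix - 1;
    char *conn = calloc(1, plen + n + 1); /* zeroed, so already terminated */
    if (!conn) return -3;
    memcpy(conn, prefix, plen);
    memset(conn + plen, 'A', n);
    int rc = check_savefile(conn);
    free(conn);
    return rc;
}

int main(void) { return check_savefile_len(SAVEFILE_MAX) == -2 ? 0 : 1; }
```
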

Comment 4 Vincent Danen 2011-03-24 20:18:16 UTC

The Red Hat Security Response Team has rated this issue as having low security impact. We do not currently plan to fix this flaw. If more information becomes available at a future date, we may revisit the issue.
