Bug 826263 (CVE-2012-2658) - CVE-2012-2658 unixodbc: buffer overflow due to improper checking of DRIVER= input
Summary: CVE-2012-2658 unixodbc: buffer overflow due to improper checking of DRIVER= i...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2012-2658
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 826265
TreeView+ depends on / blocked
 
Reported: 2012-05-29 21:31 UTC by Vincent Danen
Modified: 2021-02-23 14:39 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-05-30 21:23:00 UTC

Attachments (Terms of Use)

Description Vincent Danen 2012-05-29 21:31:58 UTC 
It was reported that the unixODBC library does not properly check the input from the DRIVER= option in the DSN, which could cause a buffer overflow when passed to the SQLDriverConnect() function.  The vulnerable versions are reported as being >= 2.3.1.

This has not been corrected upstream as of yet.
Comment 1 Vincent Danen 2012-05-29 21:35:54 UTC 
The original report to oss-security is here:

http://www.openwall.com/lists/oss-security/2012/05/29/7
Comment 3 Vincent Danen 2012-05-30 21:23:00 UTC 
The DSN can only be supplied from a trusted environment, such as a configuration file or in a script written by the author (such as a PHP script).  The DSN should never come from an untrusted source (such as user input) in these cases.  The isql tool allows a user to supply an arbitrary DSN, but the end result there is the termination of the isql tool itself.

Statement:

Red Hat does not consider a user assisted client crash such as this to be a security flaw.
Note You need to log in before you can comment on or make changes to this bug.