It was reported [1] that a possible buffer overrun flaw exists in unixODBC's SQLDriverConnect() function. A large value for the SAVEFILE parameter in the connection string could trigger this, resulting in a crash. SecurityFocus claims this may also lead to the execution of arbitrary code as the user running the application using unixODBC [2]. This has been corrected upstream [3].

References:
[1] http://seclists.org/oss-sec/2011/q1/446
[2] http://www.securityfocus.com/bid/46805/discuss
[3] http://unixodbc.svn.sourceforge.net/viewvc/unixodbc/trunk/DriverManager/SQLDriverConnect.c?r1=23&r2=27
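
The class of bug in this report is a connection-string attribute copied into a fixed-size stack buffer without a length check. The following is an added example, not unixODBC's code or the upstream patch: it parses a simplified `KEY=value;` string and rejects an oversized SAVEFILE value instead of copying it. `conn_attr_copy`, `try_savefile` and `SAVEFILE_MAX` are hypothetical names and sizes chosen for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

#define SAVEFILE_MAX 256  /* assumed destination size, not unixODBC's */
enum { ATTR_OK = 0, ATTR_MISSING = -1, ATTR_TOO_LONG = -2 };

/* Copy the value of `key` from "KEY=value;KEY=value" into out[out_len].
 * Oversized values are rejected, never truncated or written past out.
 * Simplified grammar: no {brace}-quoted values. */
static int conn_attr_copy(const char *conn, const char *key,
                          char *out, size_t out_len)
{
    size_t klen = strlen(key);
    if (out_len == 0) return ATTR_TOO_LONG;
    out[0] = '\0';
    for (const char *p = conn; *p; ) {
        const char *end = strchr(p, ';');
        size_t seg = end ? (size_t)(end - p) : strlen(p);
        /* case-insensitive "key=" at the start of this segment */
        if (seg > klen && p[klen] == '=' && strncasecmp(p, key, klen) == 0) {
            size_t vlen = seg - klen - 1;
            if (vlen >= out_len) return ATTR_TOO_LONG; /* room for NUL */
            memcpy(out, p + klen + 1, vlen);
            out[vlen] = '\0';
            return ATTR_OK;
        }
        p += seg;
        if (*p == ';') p++;
    }
    return ATTR_MISSING;
}

/* Build a constructed string with an n-byte SAVEFILE value and parse it. */
static int try_savefile(size_t n)
{
    static const char pre[] = "DSN=test;SAVEFILE=", post[] = ";UID=u";
    char savefile[SAVEFILE_MAX];
    char *conn = malloc(sizeof pre + n + sizeof post);
    if (!conn) return ATTR_MISSING;
    memcpy(conn, pre, sizeof pre - 1);
    memset(conn + sizeof pre - 1, 'A', n);
    memcpy(conn + sizeof pre - 1 + n, post, sizeof post); /* copies NUL */
    int rc = conn_attr_copy(conn, "SAVEFILE", savefile, sizeof savefile);
    free(conn);
    return rc;
}

int main(void) { printf("%d %d\n", try_savefile(64), try_savefile(4096)); return 0; }
```

The boundary case is a value exactly as long as the buffer: it must be rejected because the terminating NUL needs one more byte.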
This is just a DoS for us on RHEL5+. It's a stack buffer that gets overflowed, which will be caught by the stack protector. I would suggest we wontfix this on those platforms. We should also probably wontfix this on RHEL4; it's certainly a low-severity issue since you have to connect to a malicious server (which isn't very likely), and RHEL4 is near the end of its life. We have more important issues to invest our time in.
Statement: The Red Hat Security Response Team has rated this issue as having low security impact. We do not currently plan to fix this flaw. If more information becomes available at a future date, we may revisit the issue.