Sybase_EAServer_WebConsole_Buffer_Overflow_attack

Strike ID: G05-4rt01
CVSS: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
False Positive: f
Variants: 1
Year: 2005

Description

This strike exploits a stack-based buffer overflow in Sybase Enterprise Application Server (EAServer). The vulnerability exists due to a boundary error in the processing of HTTP requests directed to the WebConsole. An unauthenticated remote attacker can exploit this vulnerability to cause a denial-of-service condition or execute arbitrary code. Any code execution occurs with the privileges of the running server, normally administrative. In a simple attack aimed at creating a denial-of-service condition, the affected Sybase EAServer and all the services it supplies will terminate. In a more sophisticated scenario where the malicious user succeeds in injecting and executing supplied code, the behaviour of the system depends on the nature of the injected code. Any code injected into the vulnerable component executes in the security context of the jagsrv.exe process.

CVE

References

Bid