A new set of critical vulnerabilities uncovered in SAP’s Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios.
The six flaws, disclosed by cybersecurity firm Trustwave today, reside in Sybase Adaptive Server Enterprise (ASE), a relational database management software geared towards transaction-based applications.
The cybersecurity company said the issues, some specific to the operating system and others affecting the platform as a whole, were discovered during security testing of the product; one of them carries a CVSS rating of 9.1.
Identified as CVE-2020-6248, the most severe vulnerability allows arbitrary code execution during database backup operations, letting an attacker trigger the execution of malicious commands.
“During database backup operations, there are no security checks for overwriting critical configuration files,” Trustwave researchers said in a report shared with The Hacker News. “That means anyone who can run the DUMP command (e.g., database owners) can perform very dangerous tasks.”
A second vulnerability (CVE-2020-6252) concerns ASE Cockpit, a web-based administrative console used for monitoring the status and availability of ASE servers. Impacting only Windows installations of ASE 16, the flaw lets a bad actor with access to the local network capture user account credentials, overwrite operating system files, and even execute malicious code with LocalSystem privileges.