header-logo
Suggest Exploit
vendor:
Progress Database
by:
SecurityFocus
7.2
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: Progress Database
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows and Unix systems
2002

Progress Database Locally Exploitable Buffer Overflows

Progress is a commercial database for Microsoft Windows and Unix systems. Locally exploitable buffer overflows are prevalent throughout many Progress Database programs. This is largely due to insufficient bounds checking of data which is externally supplied to strcpy functions. These problems could be exploited to allow a local attacker to execute arbitrary code on a host with the privileges of each individual affected program. This situation could be leveraged by the attacker to gain root privileges on the host.

Mitigation:

Ensure that all user-supplied data is properly validated before being used in a strcpy function.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3404/info

Progress is a commercial database for Microsoft Windows and Unix systems.

Locally exploitable buffer overflows are prevalent throughout many Progress Database programs. This is largely due to insufficient bounds checking of data which is externally supplied to strcpy functions.

These problems could be exploited to allow a local attacker to execute arbitrary code on a host with the privileges of each individual affected program.

This situation could be leveraged by the attacker to gain root privileges on the host. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21117.tar

Navigation

Suggest Exploit

Services By CQR