Thursday, November 8, 2007

OpenBase 10.0.5 (All Platforms)

Netragard's SNOsoft Research Team discovered two critical vulnerabilities in the OpenBase SQL Relational Database that can lead to full system compromise.

The first vulnerability discovered is a command injection vulnerability that affects several of the default Stored Procedures. Specifically, it is possible to execute system commands as the root user by inserting a series of backticks into the pre-defined Stored Procedures.

The second vulnerability discovered is a buffer overflow that causes heap corruption. This also has the potential to lead to the execution of arbitrary code or a Denial of Service condition.

Click here for the full advisory.

Netragard In The News

Apple patched two issues in Xcode Tools 2.5 on Tuesday, including one flaw that could allow remote code execution. Apple credited researcher Kevin Finisterre of Netragard for reporting both issues. Read the full article here.