unixODBC SQLWriteFileDSN Function Denial of Service Vulnerability [CVE-2018-7485]
A vulnerability in the SQLWriteFileDSN function of unixODBC could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability is due to improper memory operations that are performed by the affected software when the SQLWriteFileDSN function, as defined in the odbcinst/SQLWriteFileDSN.c source code file of the affected software, is used. An attacker could exploit this vulnerability to cause the affected software to stop functioning, resulting in a DoS condition on the targeted system.
The unixODBC project has confirmed the vulnerability and released a software patch.
CVE number = CVE-2018-7485
-
To exploit this vulnerability, the attacker would need to send crafted input to the targeted system, making exploitation more difficult in environments that restrict network access from untrusted sources.
-
Administrators are advised to apply the appropriate updates.
Administrators are advised to allow only trusted users to have network access.
Administrators are advised to monitor affected systems.
-
The unixODBC project has released a git commit at the following link: commit 45ef78e037f578b15fc58938a3a3251655e71d6f#diff-d52750c7ba4e594410438569d8e2963aL24
-
-
The unixODBC project has released a software patch at the following link: Fix order of arguments in SQLWriteFileDSN.c, fix unwanted free() in iusql.c
-
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.