Vulnerabilities in Borland's SQL support
Users of Borland Developer Studio 2006 should review any applications created with the Borland software that communicate with an SQL database. Security vendor Secunia reports that SQL commands longer than 4000 bytes can provoke a buffer overflow that allows code to be injected and potentially executed. Secunia claims the bug is in the idsql32.dll file, in version 126.96.36.199 as contained in Developer Studio 2006 and in version 188.8.131.52 as delivered in prefabricated applications like RevilloC MailServer. It remains unclear which other applications are affected.
The hole only becomes a problem in practice if user input, such as from a website, flows directly into an SQL statement without first being filtered or subjected to length verification. Borland was informed about the problem in the middle of the month, but has not, as yet, reacted. Developers should therefore set length restrictions on user input for their own applications. Vulnerable applications from other manufacturers must also be assigned restricted access.
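The length restriction recommended above, sketched in C++ as an added example (not code from Borland, Secunia or the original article). The table and column names, the 64-byte field limit and the 3500-byte statement budget are assumptions; the example goes slightly beyond a single field to show that per-field limits alone do not bound the total statement length.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Assumed limits. The advisory puts the overflow at SQL commands longer than
// 4000 bytes, so the whole statement is kept below that with some margin.
const std::size_t kMaxStatementBytes = 3500;
const std::size_t kMaxFieldBytes = 64;

// Filter step: non-empty, short, and only allow-listed characters
// (no quotes, spaces or control bytes can reach the statement).
bool field_is_acceptable(const std::string& value) {
    if (value.empty() || value.size() > kMaxFieldBytes) return false;
    for (unsigned char c : value) {
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '_' || c == '-' ||
                  c == '.' || c == '@';
        if (!ok) return false;
    }
    return true;
}

// Builds "SELECT ... WHERE login IN ('a','b',...)" from user-supplied values.
// Returns false, leaving `out` empty, if any value fails the filter or if
// the finished statement would exceed the byte budget.
// "accounts", "id", "mailbox" and "login" are hypothetical schema names.
bool build_lookup_statement(const std::vector<std::string>& logins,
                            std::string& out) {
    out.clear();
    if (logins.empty()) return false;
    std::string sql = "SELECT id, mailbox FROM accounts WHERE login IN (";
    for (std::size_t i = 0; i < logins.size(); ++i) {
        if (!field_is_acceptable(logins[i])) return false;
        if (i != 0) sql += ',';
        sql += '\'' + logins[i] + '\'';
        // Many short fields can still add up: check the total as it grows,
        // reserving one byte for the closing parenthesis.
        if (sql.size() + 1 > kMaxStatementBytes) return false;
    }
    sql += ')';
    out = sql;
    return true;
}
```

The check runs before the statement is handed to the database layer, so an oversized or unfiltered command never reaches the vulnerable library.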
- Borland Products idsql32.dll Buffer Overflow Vulnerability, report by Secunia