Kbase P20977: Security issue with _dbagent in Progress 9.1D05
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
3/26/2009 |
|
Status: Unverified
FACT(s) (Environment):
UNIX
FACT(s) (Environment):
Progress 9.1D
SYMPTOM(s):
Security issue.
Running Service Pack 05.
Security issue with _dbagent.
_dbagent can be exploited using printf functions.
CAUSE:
_dbagent called PROMSGS as a preformatted buffer.
FIX:
_dbagent will call the PROMSGS file as a string value.
The bug has been addressed in 9.1D06. Please apply Progress Service Pack 91.D06.