Sybase ASA Client Connection Broadcast Remote Information Disclosure

Medium severity. Nessus Plugin ID 25926

Synopsis

The remote database server is affected by an information disclosure vulnerability.

Description

The remote Sybase SQL Anywhere / Adaptive Server Anywhere database is configured to listen for client connection broadcasts. This allows an attacker to learn the name of the Sybase SQL Anywhere / Adaptive Server Anywhere server and the port it is running on.

Solution

Switch off broadcast listening via the '-sb' switch when starting Sybase.

See Also

http://www.sybase.com/products/databasemanagement/sqlanywhere

Plugin Details

Severity: Medium

ID: 25926

File Name: sybase_asa_ping.nasl

Version: 1.8

Type: remote

Family: Databases

Published: 8/22/2007

Updated: 12/1/2017

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:sybase:sql_anywhere