CVE-2012-2658

Priority
Low
Description
** DISPUTED ** Buffer overflow in the SQLDriverConnect function in
unixODBC 2.3.1 allows local users to cause a denial of service (crash) via
a long string in the DRIVER option. NOTE: this issue might not be a
vulnerability, since the ability to set this option typically implies that
the attacker already has legitimate access to cause a DoS or execute code,
and therefore the issue would not cross privilege boundaries. There may be
limited attack scenarios if isql command-line options are exposed to an
attacker, although it seems likely that other, more serious issues would
also be exposed, and this issue might not cross privilege boundaries in
that context.
References
Bugs
Notes
 tyhicks> This one is likely to be rejected
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 17.04 (Zesty Zapus):needs-triage
More Information

Updated: 2017-08-11 23:14:40 UTC (commit 13081)