When connecting to a database to check for current versions, the SQL Anywhere utility would not check the working copy when no connection had been established. This allowed a remote attacker to obtain an incorrect result or information when a SQL Anywhere application checked for the database version. It would only check after the DBMS passed the create_database_statement handshake. An attacker could exploit this by preloading the database version when the database was not available. This could be mitigated by implementing the SSLv3 encryption protocol. The correct behavior is that an offline connection to a database attempts to connect to the port and pass the database version.
A stack-based buffer overflow existed in the creation of SQL Anywhere connection certificates. An attacker could exploit this by supplying a large number of certificate renewal requests with certificate renewal options of indeterminate length. These requests could cause heap corruption of the application, which triggers an out-of-bounds read. This could be mitigated by improving server handling of certificate renewal requests to limit memory allocations. The fix also restores the current (2012-03-05) cert renewal mechanism and creates a new cert renewal mechanism. Users can continue to use the existing cert renewal mechanism and existing applications.
A stack-based buffer overflow existed in the parsing of HTTP requests. An attacker could exploit this by supplying a malicious server that would cause an out-of-bounds read. This could be mitigated by not permitting calls to a SQL Anywhere function that did not have a defined calling signature. The fix also restores the current (2011-11-19) server mechanism.