SAP Sybase Adaptive Server Enterprise is a relational database management product used to store financial, statistical, and virtually any other type of data. It is supported on many platforms including Solaris, Linux, and Windows.
Recently SAP released security updates to the current version of the product (15.7) as well as updates to some older version. There are nine security issues reported by Application Security Inc (now part of Trustwave) researchers in that update. Let's go over each of them in detail to see where they are found, how they can be exploited and what should be done to address them. These vulnerabilities were discovered during a security audit of a vanilla Sybase ASE 15.7 installation.