Summary:
Sybase SQL Anywhere is the backend database for Cabi 3.3. The following vulnerability has been reported by a security/vulnerability scanner on the Cabi server:
The remote Sybase SQL Anywhere / Adaptive Server Anywhere database is configured to listen for client connection broadcasts, which allows an attacker to see the name and port that the Sybase SQL Anywhere / Adaptive Server Anywhere server is running on.
Instructions:
The following solution will help you avoid the security risk reported by the vulnerability scanner on the Cabi server:
Switch off broadcast listening via the '-sb' switch when starting Sybase.
Using -sb 0 causes the database server to not start any UDP broadcast listeners. This forces clients to use a HOST connection parameter or HOST protocol option when connecting to the database server. This also causes the database server to be unlisted when using dblocate.
Using -sb 1 causes the database server to not respond to broadcasts from dblocate, but still starts UDP listeners.
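To check which of these settings a server is actually started with, the sketch below classifies the -sb value in a start command line and reports every command that is not using -sb 0. It is an added example, not part of the original article or of any vendor tooling; the function names, state labels and sample command lines (executable name, server name, port, paths) are constructed for illustration.

```python
import shlex

# Meaning of each -sb value, as described in the text above.
SB_STATES = {
    "0": "no-listeners",      # no UDP broadcast listeners; unlisted in dblocate
    "1": "listeners-silent",  # UDP listeners start, dblocate broadcasts unanswered
}

def broadcast_state(cmdline):
    """Classify the -sb setting found in one database server start command."""
    # posix=False keeps Windows backslashes in paths intact.
    tokens = shlex.split(cmdline, posix=False)
    values = [tokens[i + 1] if i + 1 < len(tokens) else None
              for i, tok in enumerate(tokens) if tok == "-sb"]
    if not values:
        return "default-broadcast"  # switch absent: the reported condition applies
    if len(set(values)) > 1:
        return "conflicting"        # assumption: mixed values need manual review
    return SB_STATES.get(values[0], "invalid-value")

def audit(cmdlines):
    """Return (state, cmdline) for every command that does not use -sb 0."""
    findings = []
    for line in cmdlines:
        state = broadcast_state(line)
        if state != "no-listeners":
            findings.append((state, line))
    return findings

# Constructed sample start commands (not taken from a real Cabi installation).
SAMPLE = [
    r'dbsrv12 -n cabi_db -x tcpip(port=2638) "C:\data\cabi.db"',
    r'dbsrv12 -n cabi_db -sb 1 -x tcpip(port=2638) "C:\data\cabi.db"',
    r'dbsrv12 -n cabi_db -sb 0 -x tcpip(port=2638) "C:\data\cabi.db"',
    r'dbsrv12 -n cabi_db -sb',
]

if __name__ == "__main__":
    for state, line in audit(SAMPLE):
        print(f"{state:18} {line}")
```

After switching to -sb 0, clients must supply a HOST connection parameter or HOST protocol option, so update their connection strings before restarting the server.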
The solution is implemented using the following steps:
Additional Information:
Risk factor: Medium / CVSS Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)