(The following information is relevant only for those running the SOS database in networked mode. If you are running a standalone configuration of SOS, without the keyword “tcpip” in the SERVER.PRM file, there is nothing you need to do.)
Although this vulnerability applies primarily to Sybase’s larger, enterprise product, SOS strongly recommends the following, easy procedure to prevent any use of a similar exploit against your SQL Anywhere database.
- In your SOS folder, look for the SERVER.PRM file and open it with Notepad or any other plain text editor (NOT using a word processor like MS Word!). You could, for example, open Notepad on your server, then load the SERVER.PRM file, located in your SOS folder.
- Find the -x tcpip parameter. It may or may not be followed by one or more parameters within a set of parentheses.
- If there are no parentheses, then add (TDS=NO) immediately after the -x tcpip. If there are already parentheses and one or more parameters, then add a semi-colon and TDS=NO just before the closing parenthesis. See the examples below.
The change will take effect next time you shut down and restart the database. To be sure, after restarting the database, go into Office Manager or Case Manager, then select HELP > VERSION INFORMATION. Click the DB tab and examine the “Server Startup Command” at the bottom of the window: