At least four vulnerabilities have been found within the Firebird SQL database platform that could lead to arbitrary remote code execution if attackers are able to pass appropriate requests to the vulnerable database.

The core of the vulnerabilities is improper validation of data when it is being placed on a stack, allowing a stack buffer overflow.

Exploitation is claimed as 'trivial', and exploit code has already begun circulating for the issues.

Description:

Alternative database platform Firebird has had four vulnerabilities that could lead to complete system compromise (via memory errors) disclosed and patched.

While the company responsible for the initial discovery and disclosure (RISE Security) indicated the presence of proof of concept exploits, exploit code has already been identified spreading through a number of sites.

Mitigation:

Update to version LI/WI-V2.0.3.12981 to mitigate against the disclosed vulnerabilities.

Updates:

http://www.firebirdsql.org

Source:

http://risesecurity.org/advisory/RISE-2007003/

Exploits:

Various