
Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.


Firebird - Remote hacker automatic control

Version: LI 1.5 to WI 2.0
Technical Details:

At least four vulnerabilities have been found within the Firebird SQL database platform that could lead to arbitrary remote code execution if attackers are able to pass appropriate requests to the vulnerable database.

The core of the vulnerabilities is improper validation of data as it is placed on the stack, which allows a stack buffer overflow.

Exploitation is claimed as 'trivial', and exploit code has already begun circulating for the issues.

Description:

Four vulnerabilities in the alternative database platform Firebird that could lead to complete system compromise (via memory errors) have been disclosed and patched.

Although the company responsible for the initial discovery and disclosure (RISE Security) indicated the presence of proof of concept exploits, exploit code has already been identified spreading through a number of sites.

Mitigation:

Update to version LI/WI-V2.0.3.12981 to mitigate the disclosed vulnerabilities.
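
To find servers that still need this update, the reported version strings can be compared against the fixed build. The script below is an added example, not part of the original advisory or of the Firebird project. It assumes version strings of the form LI-V2.0.3.12981 (platform code, build-type letter, four numeric fields), treats every build numerically below 2.0.3.12981 as needing the update, and uses constructed host names and sample strings.

```python
import re

# Fixed build named in the Mitigation section of the advisory.
FIXED = (2, 0, 3, 12981)

# Assumed format: <platform>-<build type><major>.<minor>.<patch>.<build>,
# e.g. "LI-V2.0.3.12981" (LI and WI are the platform codes the advisory uses).
VERSION_RE = re.compile(r"\b([A-Z]{2})-([A-Z])(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return (platform, build_type, (major, minor, patch, build)) or None."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    return m.group(1), m.group(2), tuple(int(g) for g in m.group(3, 4, 5, 6))


def needs_update(text):
    """True if older than the fixed build, False if not, None if unparseable."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    # Tuples compare field by field, so 2.0.3.12980 < 2.0.3.12981 < 2.0.4.0.
    return parsed[2] < FIXED


def audit(inventory):
    """Map each host to 'UPDATE', 'ok' or 'UNKNOWN'."""
    labels = {True: "UPDATE", False: "ok", None: "UNKNOWN"}
    return {host: labels[needs_update(ver)] for host, ver in inventory.items()}


# Constructed sample inventory (host names and version strings are made up).
SAMPLE_INVENTORY = {
    "db-legacy": "WI-V1.5.4.4910 Firebird 1.5",
    "db-stage": "LI-V2.0.1.12855 Firebird 2.0",
    "db-prod": "LI-V2.0.3.12981 Firebird 2.0",
    "db-odd": "version banner not collected",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status:8} {SAMPLE_INVENTORY[host]}")
```

Hosts reported as UNKNOWN returned a string the parser could not read and should be checked by hand rather than assumed to be updated.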

Updates:

http://www.firebirdsql.org

Source:

http://risesecurity.org/advisory/RISE-2007003/

Exploits:

Various

External Tracking Data:

