Ravens PHP Scripts

Firebird *connect* Request Handling Buffer Overflow Vulnerability
Date: Tuesday, June 12, 2007 @ 17:57:18 CEST
Topic: Security


SECUNIA ADVISORY ID: SA25601

VERIFY ADVISORY: http://secunia.com/advisories/25601/

CRITICAL: Moderately critical

IMPACT: System access

WHERE: From local network

SOFTWARE: Firebird 2.x - http://secunia.com/product/11516/

DESCRIPTION: Cody Pierce has reported a vulnerability in Firebird, which can be exploited by malicious people to compromise a vulnerable system.



The vulnerability is caused by an error in the handling of "connect" requests (0x1) with a large "p_cnct_count" value. This can be exploited to cause a buffer overflow by sending a specially crafted connect request to a vulnerable server (default port 3050/TCP). The vulnerability is reported in Firebird 2. Other versions may also be affected.

SOLUTION: Update to version 2.0.1.

PROVIDED AND/OR DISCOVERED BY: Cody Pierce, TippingPoint DVLabs

ORIGINAL ADVISORY: http://dvlabs.tippingpoint.com/advisory/TPTI-07-11

OTHER REFERENCES: http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf
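
For servers that cannot be updated immediately, the following added example (not part of the Secunia advisory or of Firebird) shows one way a network monitor could flag connect requests carrying an oversized "p_cnct_count". The field order, the field names other than "p_cnct_count", and the thresholds are assumptions and should be checked against the server source before use.

```python
import struct

OP_CONNECT = 1        # "connect" request opcode (0x1) from the advisory
MAX_PROTOCOLS = 10    # assumed alert threshold for p_cnct_count; tune per site
MAX_CSTRING = 4096    # assumed cap on the length of a string field


def _u32(buf, off):
    """Read one big-endian 32-bit XDR word, or raise if the buffer is short."""
    if off + 4 > len(buf):
        raise ValueError("truncated")
    return struct.unpack_from(">I", buf, off)[0], off + 4


def _skip_cstring(buf, off):
    """Skip a length-prefixed string padded to a 4-byte boundary."""
    n, off = _u32(buf, off)
    end = off + ((n + 3) & ~3)
    if n > MAX_CSTRING or end > len(buf):
        raise ValueError("bad string length")
    return end


def inspect_connect(payload):
    """Classify the first client-to-server bytes of a 3050/TCP session.

    Assumed field order (not stated in the advisory): opcode, p_cnct_operation,
    p_cnct_cversion, p_cnct_client, p_cnct_file (string), p_cnct_count.
    """
    try:
        op, off = _u32(payload, 0)
        if op != OP_CONNECT:
            return ("not-connect", None)
        off = _skip_cstring(payload, off + 12)  # skip three words, then the file name
        count, _ = _u32(payload, off)
    except ValueError:
        return ("malformed", None)
    return ("suspicious" if count > MAX_PROTOCOLS else "ok", count)


def sample_connect(count):
    """Constructed header-only sample; every field value here is made up."""
    name = b"/data/test.fdb"
    pad = b"\0" * (-len(name) % 4)
    return (struct.pack(">4I", OP_CONNECT, 0, 0, 0)
            + struct.pack(">I", len(name)) + name + pad
            + struct.pack(">2I", count, 0))  # count, then an empty user-id string


if __name__ == "__main__":
    for c in (1, 0xFFFF):
        print(c, inspect_connect(sample_connect(c)))
```

A "suspicious" or "malformed" verdict on traffic to port 3050/TCP is a reason to check the server version and restrict which hosts can reach the port.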






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2949