Firebird SQL Fbserver Remote Buffer Overflow Vulnerability

TITLE: Firebird SQL Fbserver Remote Buffer Overflow Vulnerability
CLASS: Boundary Condition Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 12 2007 12:00AM
UPDATE: Jun 12 2007 12:00AM
CREDIT: Cody Pierce of Tippingpoint Digital Vaccine Labs is credited with the discovery of this vulnerability.
VULNERABLE:

Firebird Firebird SQL 2.0
NOT VULNERABLE:
Firebird Firebird SQL 2.0.1

Go to the original page on Security Focus

Discussion

Firebird SQL is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected database server software. Failed exploit attempts will likely crash the server, denying service to legitimate users.

Firebird SQL version 2.0 is vulnerable; previous versions may also be affected.

Exploit

The following proof-of-concept request is available from Tippingpoint:

/* Connect-request structure as declared in Firebird's remote protocol header.
 * The typedefs above the struct are minimal stand-ins added so that the
 * fragment compiles on its own; in Firebird, P_OP and P_ARCH are enums. */
typedef unsigned short USHORT;
typedef int P_OP;      /* protocol operation code */
typedef int P_ARCH;    /* client architecture code */
typedef struct cstring
{
    USHORT cstr_length;          /* bytes actually used */
    USHORT cstr_allocated;       /* bytes allocated */
    unsigned char* cstr_address; /* pointer to the string data */
} CSTRING;

typedef struct p_cnct
{
    P_OP p_cnct_operation;    /* OP_CREATE or OP_OPEN */
    USHORT p_cnct_cversion;   /* Version of connect protocol */
    P_ARCH p_cnct_client;     /* Architecture of client */
    CSTRING p_cnct_file;      /* File name */
    USHORT p_cnct_count;      /* Protocol versions understood (client-supplied) */
    CSTRING p_cnct_user_id;   /* User identification stuff */
    struct p_cnct_repeat
    {
        USHORT p_cnct_version;      /* Protocol version number */
        P_ARCH p_cnct_architecture; /* Architecture of client */
        USHORT p_cnct_min_type;     /* Minimum type */
        USHORT p_cnct_max_type;     /* Maximum type */
        USHORT p_cnct_weight;       /* Preference weight */
    }
    p_cnct_versions[10];      /* fixed-size array: room for at most 10 entries */
} P_CNCT;
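As an added defensive illustration (not part of the TippingPoint proof of concept and not Firebird's own code): the structure above fixes p_cnct_versions at 10 entries while p_cnct_count arrives from the client, so any parser filling that array must validate the count against the array size before copying. The byte encoding used here (each field as a 16-bit big-endian value, sample messages constructed inline) is a simplification for the example, not Firebird's wire format.

```c
#include <stddef.h>
#include <stdint.h>

#define P_CNCT_MAX_VERSIONS 10  /* size of p_cnct_versions[] in the struct above */

typedef struct {
    uint16_t version, architecture, min_type, max_type, weight;
} cnct_repeat_t;

/* Simplified connect-request tail: a count followed by that many repeat
 * groups of five 16-bit big-endian fields (constructed encoding). */
typedef struct {
    uint16_t count;
    cnct_repeat_t versions[P_CNCT_MAX_VERSIONS];
} cnct_tail_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns the number of repeat groups parsed, or -1 if the message is
 * malformed: count larger than the fixed array, or buffer shorter than
 * the count claims. Rejecting is safer than silently truncating. */
int parse_cnct_tail(const uint8_t *buf, size_t len, cnct_tail_t *out)
{
    if (len < 2) return -1;
    uint16_t count = rd16(buf);
    /* The boundary check: a wire-supplied count must never drive writes
     * past p_cnct_versions[P_CNCT_MAX_VERSIONS]. */
    if (count > P_CNCT_MAX_VERSIONS) return -1;
    if (len < 2 + (size_t)count * 10) return -1;
    out->count = count;
    const uint8_t *p = buf + 2;
    for (uint16_t i = 0; i < count; i++, p += 10) {
        out->versions[i].version      = rd16(p);
        out->versions[i].architecture = rd16(p + 2);
        out->versions[i].min_type     = rd16(p + 4);
        out->versions[i].max_type     = rd16(p + 6);
        out->versions[i].weight       = rd16(p + 8);
    }
    return count;
}

/* Constructed sample messages: well-formed, count too large, truncated. */
int demo_good(void) {
    static const uint8_t m[] = {0,2, 0,10,0,1,0,0,0,5,0,1, 0,8,0,1,0,0,0,5,0,2};
    cnct_tail_t t; return parse_cnct_tail(m, sizeof m, &t);
}
int demo_overlong(void) {
    static const uint8_t m[] = {0,11, 0,10,0,1,0,0,0,5,0,1}; /* count 11 > 10 */
    cnct_tail_t t; return parse_cnct_tail(m, sizeof m, &t);
}
int demo_truncated(void) {
    static const uint8_t m[] = {0,2, 0,10,0,1,0,0,0,5,0,1}; /* claims 2, carries 1 */
    cnct_tail_t t; return parse_cnct_tail(m, sizeof m, &t);
}
```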

Solution

Solution:
The vendor has released an update that addresses this vulnerability. Please see the vendor references for additional information.

References

References:
