Firebird *connect* Request Handling Buffer Overflow Vulnerability Date: Tuesday, June 12, 2007 @ 16:57:18 CDT Topic: Security SECUNIA ADVISORY ID: SA25601 VERIFY ADVISORY: http://secunia.com/advisories/25601/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From local network SOFTWARE: Firebird 2.x - http://secunia.com/product/11516/ DESCRIPTION: Cody Pierce has reported a vulnerability in Firebird, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error within the handling of "connect" requests (0x1) with a large "p_cnct_count" value. This can be exploited to cause a buffer overflow by sending a specially crafted connect request to a vulnerable server (default port 3050/TCP). The vulnerability is reported in Firebird 2. Other versions may also be affected. SOLUTION: Update to version 2.0.1. PROVIDED AND/OR DISCOVERED BY: Cody Pierce, TippingPoint DVLabs ORIGINAL ADVISORY: http://dvlabs.tippingpoint.com/advisory/TPTI-07-11 OTHER REFERENCES: http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf This article comes from Ravens PHP Scripts https://www.ravenphpscripts.com The URL for this story is: https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2949