A vulnerability in Borland Interbase, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

A vulnerability in Borland Interbase, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

The vulnerability is caused due to an input validation error and can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to default port 3050/TCP.

Successful exploitation allows execution of arbitrary code.

NOTE: This vulnerability is reportedly related to vulnerability #1 in:
SA28596

The vulnerability is reported in Borland Interbase 2007 Service Pack 2 (8.1.0.256) on Windows and Solaris. Other versions may also be affected.

Restrict network access to the affected port.

 

Original Advisory:
CORE-2008-0415:
http://www.coresecurity.com/?action=item&id=2278