Select local site

F-Secure Vulnerability Information :
Borland Interbase 2007 Packet Processing Buffer Overflow
[Summary] | [Detailed Description] | [Solution] | [CVE Reference]

Report ID:SA30299
Source:Secunia
Date of Discovery:21.05.2008
Criticality:Moderate
Affects:

Borland InterBase 2007
Compromise From:From remote
Compromise Type:System access
DoS
Summary

A vulnerability in Borland Interbase, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
Back to the Top

Detailed Description

A vulnerability in Borland Interbase, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

The vulnerability is caused due to an input validation error and can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to default port 3050/TCP.

Successful exploitation allows execution of arbitrary code.

NOTE: This vulnerability is reportedly related to vulnerability #1 in:
SA28596

The vulnerability is reported in Borland Interbase 2007 Service Pack 2 (8.1.0.256) on Windows and Solaris. Other versions may also be affected.
Back to the Top

Solution

Restrict network access to the affected port.

 


Original Advisory:
CORE-2008-0415:
http://www.coresecurity.com/?action=item&id=2278
Back to the Top

CVE Reference
Back to the Top

F-Secure Corporation