Buffer overflow vulnerability in Firebird database
The security research company TippingPoint has released information about a vulnerability in the Firebird OpenSource SQL database that allowed remote attackers to compromise the server through a weakness in processing requests.
The vulnerability could be exploited to cause a buffer overflow when processing a connect request on the fbserver.exe server, which listens for requests by default on the port 3050/TCP. The developers fixed the vulnerability starting with Version 2.0.1 of the Firebird database in late March 2007.
TippingPoint released the Security Advisory now so that administrators of the affected versions could download and install the latest version. Anyone still working with Version 2.0.0 or earlier should download the update or limit access to the server to trusted computers through a firewall.
- Firebird SQL fbserver 'connect' Buffer Overflow Vulnerability, TippingPoint Security Advisory
- Download the latest version of Firebird