Security update for Borland Interbase 2007
Borland has fixed a vulnerability in its Interbase 2007 database, which could have been exploited by an attacker to crash or gain control over a server. The cause of the problem was a buffer overflow in the database service (ibserver.exe) when processing crafted create requests on TCP port 3050. Authentication is not required for a successful attack, although only attacks from the local network are likely to succeed. Registered users can obtain the update via Borland subsidiary Codegear.
TippingPoint, which discovered the vulnerability, has published a detailed account on its blog of how the flaw was found and analysed.
- Step by Step of How TPTI-07-013 was Discovered, security advisory from TippingPoint
(mba)