In association with heise online


Security vulnerability in Borland InterBase

A security vulnerability discovered early this year in the open source database Firebird also affects Borland's InterBase. The vulnerability allows attackers to inject and execute malicious code using crafted remote packets. Firebird is derived from the InterBase source code, which is publicly available.

InterBase listens for incoming connections on TCP port 3050 by default. An integer overflow occurs when it processes crafted packets. This can result in a buffer overflow, which can in turn result in execution of injected code.
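The bug class described above, as an added example that is not InterBase or Firebird code: a length computed from an attacker-supplied count wraps around, so the buffer sized from it is far smaller than the data the count claims. The record layout, `ELEM_SIZE` and the function names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record layout (an assumption, not InterBase's wire format):
 * 4-byte big-endian element count, then count * ELEM_SIZE payload bytes. */
#define ELEM_SIZE 8u

static uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* What an unchecked parser computes: the 32-bit product wraps modulo 2^32,
 * so a very large count yields a very small allocation size. */
uint32_t naive_alloc_size(uint32_t count)
{
    return count * ELEM_SIZE;
}

/* Hardened parser: returns a heap copy of the payload, or NULL when the
 * declared count does not fit in the bytes actually received. */
unsigned char *parse_record(const unsigned char *pkt, size_t pkt_len,
                            size_t *out_len)
{
    if (pkt == NULL || out_len == NULL || pkt_len < 4)
        return NULL;

    uint32_t count = read_be32(pkt);
    size_t avail = pkt_len - 4;

    /* Compare by division, which cannot wrap. Bounding count by the data
     * really present also guarantees count * ELEM_SIZE cannot overflow. */
    if (count == 0 || count > avail / ELEM_SIZE)
        return NULL;

    size_t need = (size_t)count * ELEM_SIZE;
    unsigned char *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    memcpy(buf, pkt + 4, need);
    *out_len = need;
    return buf;
}
```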

Borland have not yet released an update to fix the vulnerability. Core Security found the bug in the Solaris and Windows versions of Borland InterBase 2007 Service Pack 2 Build 8.1.0.256. According to the security advisory, Borland is currently merely advising users not to use the standard port 3050 for InterBase and to check the log file for unusual events that might indicate an intrusion. In addition to the vendor's tips, it would seem prudent to use a firewall to restrict the number of computers with access rights.


(trk)


