Secunia Security Advisory - TippingPoint has reported a vulnerability in Borland InterBase, which can be exploited by malicious people to compromise a user's system.
TITLE:
Borland InterBase "create" Request Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA26189
VERIFY ADVISORY:
http://secunia.com/advisories/26189/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
From local network
SOFTWARE:
Borland InterBase 2007
http://secunia.com/product/14871/
DESCRIPTION:
TippingPoint has reported a vulnerability in Borland InterBase, which
can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a boundary error within the
processing of "create" requests. This can be exploited to cause a
stack-based buffer overflow by sending a specially crafted "create"
request to port 3050/TCP of the vulnerable system.
Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in Borland InterBase 2007 prior to
Service Pack 2.
SOLUTION:
Update to Borland InterBase 2007 Service Pack 2.
http://downloads.codegear.com/default.aspx?productid=7080
PROVIDED AND/OR DISCOVERED BY:
Cody Pierce, TippingPoint DVLabs.
ORIGINAL ADVISORY:
http://dvlabs.tippingpoint.com/advisory/TPTI-07-13