Gentoo Linux Security Advisory 201512-11 - A buffer overflow in Firebird might allow remote attackers to execute arbitrary code. Versions less than 2.5.3.26780.0-r3 are affected.
ebf0cf5595dd71c229b90d80a98688f967ad738a36910c14c911ecb6c69d4a5aDebian Linux Security Advisory 2648-1 - A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code. In addition, a denial of service vulnerability was discovered in the TraceManager.
3fc375a47b826db087cce2564e87b9c320aab1c05447a531e7f739a3bf803897Debian Linux Security Advisory 2647-1 - A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code.
d47fae449bdaf311c4618b1ae36fe78802d600ce4163213705762394cfc40e0fThis Metasploit module exploits a vulnerability in Firebird SQL Server. A specially crafted packet can be sent which will overwrite a pointer allowing the attacker to control where data is read from. Shortly, following the controlled read, the pointer is called resulting in code execution. The vulnerability exists with a group number extracted from the CNCT information, which is sent by the client, and whose size is not properly checked. This Metasploit module uses an existing call to memcpy, just prior to the vulnerable code, which allows a small amount of data to be written to the stack. A two-phases stackpivot allows to execute the ROP chain which ultimately is used to execute VirtualAlloc and bypass DEP.
7de29ccbc4fc0af57c3834340b87fbe2ce27419e8888190bc1a4620767590552
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed