Firebird GDS_Inet_Server Interbase Environment Variable Buffer Overflow Vulnerability

Interbase is a database distributed and maintained by Borland. It is available for Unix and Linux operating systems. As Firebird is based on Borland/Inprise Interbase source code, it is very likely that Interbase is prone to this issue also.

A buffer overflow has been discovered in the setuid root program gds_inet_server, packaged with Firebird. This problem could allow a local user to execute the program with strings of arbitrary length. By using a custom crafted string, the attacker could overwrite stack memory, including the return address of a function, and potentially execute arbitrary code as root.


 

Privacy Statement
Copyright 2010, SecurityFocus