|
 |
|
Firebird External Table Vulnerability
|
|
|
|
|
Secunia Advisory:
|
SA8557
|
|
|
Release Date:
|
2003-04-09
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Manipulation of data
Privilege escalation
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Unpatched
|
|
| Software: | Firebird 1.x
|
|
|
This advisory is currently marked as unpatched!
- Companies can be alerted when a patch is released! |
|
|
Description:
A vulnerability identified in Firebird can reportedly in worst case be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by an access control error. The problem is that it is possible to create an external table in an arbitrary file on the system. If the file exists, it is possible to manipulate it by appending data to it. Reportedly, successful exploitation doesn't require that the user has been authenticated.
An example was included in the original advisory, which creates a user with root privileges and no password:
create table test external '/etc/passwd' (id char(80));
insert into test values('r00t::0:0:root:/root:/bin/bash');
The vulnerability has been confirmed in version 1.0.2. It is currently not known whether version 1.5. Beta is vulnerable.
Solution:
Allow only trusted users access to the system. Filter traffic to the ports, which Firebird is listening on.
Provided and/or discovered by:
Kotala Zdenek
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
5 Related Secunia Security Advisories
|
|
|
1. Firebird Multiple Vulnerabilities
|
|
2. Firebird 1 Multiple Buffer Overflow Vulnerabilities
|
|
3. Firebird Multiple Vulnerabilities
|
|
4. Borland Interbase / Firebird Database Name Buffer Overflow Vulnerability
|
|
5. Firebird Environment Variable Buffer Overflow Vulnerabilities
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
