|
Firebird External Table Vulnerability
|
|
Secunia Advisory:
|
SA8557
|
|
|
Release Date:
|
2003-04-09
|
|
Popularity:
|
5,239 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Manipulation of data
Privilege escalation
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Unpatched
|
|
| Software: | Firebird 1.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
A vulnerability identified in Firebird can reportedly in worst case be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by an access control error. The problem is that it is possible to create an external table in an arbitrary file on the system. If the file exists, it is possible to manipulate it by appending data to it. Reportedly, successful exploitation doesn't require that the user has been authenticated.
An example was included in the original advisory, which creates a user with root privileges and no password:
create table test external '/etc/passwd' (id char(80));
insert into test values('r00t::0:0:root:/root:/bin/bash');
The vulnerability has been confirmed in version 1.0.2. It is currently not known whether version 1.5. Beta is vulnerable.
Solution:
Allow only trusted users access to the system. Filter traffic to the ports, which Firebird is listening on.
Provided and/or discovered by:
Kotala Zdenek
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
