---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Firebird 2 Multiple Vulnerabilities and Weakness SECUNIA ADVISORY ID: SA31064 VERIFY ADVISORY: http://secunia.com/advisories/31064/ CRITICAL: Less critical IMPACT: Exposure of system information, Exposure of sensitive information, DoS WHERE: >From local network SOFTWARE: Firebird 2.x http://secunia.com/product/11516/ DESCRIPTION: Some vulnerabilities and a weakness have been reported in Firebird, which can be exploited by malicious users to cause a DoS (Denial of Service) and disclose system information, and by malicious, local users to disclose sensitive information. 1) An error when processing specially crafted expressions can be exploited to cause a memory corruption. 2) An error when processing an "EXECUTE STATEMENT" can be exploited to cause a memory corruption and crash the server. 3) An error when handling altered procedures can be exploited to cause a crash. Successful exploitation of the vulnerabilities requires valid Firebird credentials on the affected server. 4) An unspecified error can be exploited to disclose the server's installation directory. For more information: SA31003 5) The problem is that database files are created with improper access rights. This can be exploited by unprivileged local users to disclose the content of database files. The vulnerabilities are reported in versions 2.0.4 and 2.1.0. Other versions may also be affected. SOLUTION: The vulnerabilities are fixed in version 2.5 Alpha 1. Update to version 2.1.1, which fixes vulnerabilities #1, #4, and #5. http://sourceforge.net/project/showfiles.php?group_id=9028 Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://tracker.firebirdsql.org/browse/CORE-1845 http://tracker.firebirdsql.org/browse/CORE-1884 http://tracker.firebirdsql.org/browse/CORE-1887 http://tracker.firebirdsql.org/browse/CORE-1919 http://tracker.firebirdsql.org/browse/CORE-1930 OTHER REFERENCES: SA31003: http://secunia.com/advisories/31003/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------