CVE-2007-5243 - Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Borland Software Interbase
Summary
Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 through 8.1.0.253, and WI 5.1.1.680 through 8.1.0.257, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the (a) SVC_attach or (b) INET_connect function, (2) a long create request on TCP port 3050 to the (c) isc_create_database or (d) jrd8_create_database function, (3) a long attach request on TCP port 3050 to the (e) isc_attach_database or (f) PWD_db_aliased function, or unspecified vectors involving the (4) jrd8_attach_database or (5) expand_filename2 function. More information about this vulnerability can be found at: http://www.securitytracker.com/alerts/2007/Oct/1018772.html
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers: Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow: This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow: In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion: An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Exploit-Db
- Borland InterBase SVC_attach Buffer Overflow (EDB-ID:16449). Description: Borland InterBase SVC_attach() Buffer Overflow. CVE-2007-5243. Remote exploit for windows platform. Reporter: metasploit. Published: 2010-07-03. Modified: 2010-07-03. Last seen: 2016-02-01. Source: https://www.exploit-db.com/download/16449/
- Firebird Relational Database isc_attach_database Buffer Overflow (EDB-ID:16440). Description: Firebird Relational Database isc_attach_database() Buffer Overflow. CVE-2007-5243. Remote exploit for windows platform. Reporter: metasploit. Published: 2010-07-03. Modified: 2010-07-03. Last seen: 2016-02-01. Source: https://www.exploit-db.com/download/16440/
- Borland InterBase 2007 - PWD_db_aliased Buffer Overflow (EDB-ID:9954). Description: Borland InterBase 2007 PWD_db_aliased Buffer Overflow. CVE-2007-5243. Remote exploit for linux platform. Reporter: Adriano Lima. Published: 2007-10-03. Modified: 2007-10-03. Last seen: 2016-02-01. Source: https://www.exploit-db.com/download/9954/
- Borland InterBase 2007 / 2007 sp2 - jrd8_create_database Buffer Overflow (EDB-ID:10020). Description: Borland InterBase 2007, 2007 sp2 jrd8_create_database Buffer Overflow. CVE-2007-5243. Remote exploit for linux platform. Reporter: Adriano Lima. Published: 2007-10-03. Modified: 2007-10-03. Last seen: 2016-02-01. Source: https://www.exploit-db.com/download/10020/
- Borland Interbase 2007 / 2007 SP2 - INET_connect Buffer Overflow (EDB-ID:10021). Description: Borland Interbase 2007, 2007SP2 INET_connect Buffer Overflow. CVE-2007-5243. Remote exploit for linux platform. Reporter: Adriano Lima. Published: 2007-10-03. Modified: 2007-10-03. Last seen: 2016-02-01. Source: https://www.exploit-db.com/download/10021/
- Borland InterBase isc_attach_database Buffer Overflow (EDB-ID:16447). Description: Borland InterBase isc_attach_database() Buffer Overflow. CVE-2007-5243. Remote exploit for windows platform. Reporter: metasploit. Published: 2010-07-03. Modified: 2010-07-03. Last seen: 2016-02-01. Source: https://www.exploit-db.com/download/16447/
- Firebird Relational Database SVC_attach Buffer Overflow (EDB-ID:16420). Description: Firebird Relational Database SVC_attach() Buffer Overflow. CVE-2007-5243. Remote exploit for windows platform. Reporter: metasploit. Published: 2010-07-03. Modified: 2010-07-03. Last seen: 2016-02-01. Source: https://www.exploit-db.com/download/16420/
- Borland InterBase PWD_db_aliased Buffer Overflow (EDB-ID:16839). Description: Borland InterBase PWD_db_aliased() Buffer Overflow. CVE-2007-5243. Remote exploit for linux platform. Reporter: metasploit. Published: 2010-07-03. Modified: 2010-07-03. Last seen: 2016-02-02. Source: https://www.exploit-db.com/download/16839/
- Borland InterBase jrd8_create_database Buffer Overflow (EDB-ID:16843). Description: Borland InterBase jrd8_create_database() Buffer Overflow. CVE-2007-5243. Remote exploit for linux platform. Reporter: metasploit. Published: 2010-07-03. Modified: 2010-07-03. Last seen: 2016-02-02. Source: https://www.exploit-db.com/download/16843/
- Firebird Relational Database isc_create_database Buffer Overflow (EDB-ID:16432). Description: Firebird Relational Database isc_create_database() Buffer Overflow. CVE-2007-5243. Remote exploit for windows platform. Reporter: metasploit. Published: 2010-07-03. Modified: 2010-07-03. Last seen: 2016-02-01. Source: https://www.exploit-db.com/download/16432/
- Borland InterBase INET_connect Buffer Overflow (EDB-ID:16844). Description: Borland InterBase INET_connect() Buffer Overflow. CVE-2007-5243. Remote exploit for linux platform. Reporter: metasploit. Published: 2010-07-03. Modified: 2010-07-03. Last seen: 2016-02-02. Source: https://www.exploit-db.com/download/16844/
- Borland InterBase isc_create_database Buffer Overflow (EDB-ID:16437). Description: Borland InterBase isc_create_database() Buffer Overflow. CVE-2007-5243. Remote exploit for windows platform. Reporter: metasploit. Published: 2010-07-03. Modified: 2010-07-03. Last seen: 2016-02-01. Source: https://www.exploit-db.com/download/16437/
Metasploit
- Borland InterBase SVC_attach() Buffer Overflow (MSF:EXPLOIT/WINDOWS/MISC/IB_SVC_ATTACH). Description: This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted service attach request. Reporter: Rapid7. Published: 2007-10-04. Modified: 2017-07-24. Last seen: 2020-01-16. Source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/misc/ib_svc_attach.rb
- Borland InterBase jrd8_create_database() Buffer Overflow (MSF:EXPLOIT/LINUX/MISC/IB_JRD8_CREATE_DATABASE). Description: This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted create request. Reporter: Rapid7. Published: 2007-10-04. Modified: 2017-07-24. Last seen: 2020-03-10. Source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/misc/ib_jrd8_create_database.rb
- Borland InterBase isc_create_database() Buffer Overflow (MSF:EXPLOIT/WINDOWS/MISC/IB_ISC_CREATE_DATABASE). Description: This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted create request. Reporter: Rapid7. Published: 2007-10-04. Modified: 2017-07-24. Last seen: 2020-03-23. Source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/misc/ib_isc_create_database.rb
- Borland InterBase isc_attach_database() Buffer Overflow (MSF:EXPLOIT/WINDOWS/MISC/IB_ISC_ATTACH_DATABASE). Description: This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted attach request. Reporter: Rapid7. Published: 2007-10-04. Modified: 2017-07-24. Last seen: 2020-06-14. Source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/misc/ib_isc_attach_database.rb
- Borland InterBase PWD_db_aliased() Buffer Overflow (MSF:EXPLOIT/LINUX/MISC/IB_PWD_DB_ALIASED). Description: This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted attach request. Reporter: Rapid7. Published: 2007-10-04. Modified: 2017-07-24. Last seen: 2020-06-14. Source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/misc/ib_pwd_db_aliased.rb
- Borland InterBase INET_connect() Buffer Overflow (MSF:EXPLOIT/LINUX/MISC/IB_INET_CONNECT). Description: This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted service attach request. Reporter: Rapid7. Published: 2007-10-04. Modified: 2017-07-24. Last seen: 2020-03-12. Source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/misc/ib_inet_connect.rb
- Firebird Relational Database isc_attach_database() Buffer Overflow (MSF:EXPLOIT/WINDOWS/MISC/FB_ISC_ATTACH_DATABASE). Description: This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted create request. Reporter: Rapid7. Published: 2007-10-04. Modified: 2017-07-24. Last seen: 2020-01-04. Source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/misc/fb_isc_attach_database.rb
- Firebird Relational Database isc_create_database() Buffer Overflow (MSF:EXPLOIT/WINDOWS/MISC/FB_ISC_CREATE_DATABASE). Description: This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted create request. Reporter: Rapid7. Published: 2007-10-04. Modified: 2017-07-24. Last seen: 2020-03-23. Source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/misc/fb_isc_create_database.rb
- Firebird Relational Database SVC_attach() Buffer Overflow (MSF:EXPLOIT/WINDOWS/MISC/FB_SVC_ATTACH). Description: This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted service attach request. Reporter: Rapid7. Published: 2007-10-04. Modified: 2017-07-24. Last seen: 2020-06-14. Source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/misc/fb_svc_attach.rb
Packetstorm
- Firebird Relational Database isc_create_database() Buffer Overflow (PACKETSTORM:83238). Reporter: Ramon de C Valle. Published: 2009-11-26. Last seen: 2016-12-05. Source: https://packetstormsecurity.com/files/83238/Firebird-Relational-Database-isc_create_database-Buffer-Overflow.html Data source: https://packetstormsecurity.com/files/download/83238/fb_isc_create_database.rb.txt
- Borland InterBase PWD_db_aliased() Buffer Overflow (PACKETSTORM:82246). Reporter: Adriano Lima. Published: 2009-10-27. Last seen: 2016-12-05. Source: https://packetstormsecurity.com/files/82246/Borland-InterBase-PWD_db_aliased-Buffer-Overflow.html Data source: https://packetstormsecurity.com/files/download/82246/ib_pwd_db_aliased.rb.txt
- Firebird Relational Database isc_attach_database() Buffer Overflow (PACKETSTORM:83201). Reporter: Ramon de C Valle. Published: 2009-11-26. Last seen: 2016-12-05. Source: https://packetstormsecurity.com/files/83201/Firebird-Relational-Database-isc_attach_database-Buffer-Overflow.html Data source: https://packetstormsecurity.com/files/download/83201/fb_isc_attach_database.rb.txt
- Borland InterBase jrd8_create_database() Buffer Overflow (PACKETSTORM:82244). Reporter: Adriano Lima. Published: 2009-10-27. Last seen: 2016-12-05. Source: https://packetstormsecurity.com/files/82244/Borland-InterBase-jrd8_create_database-Buffer-Overflow.html Data source: https://packetstormsecurity.com/files/download/82244/ib_jrd8_create_database.rb.txt
- Borland InterBase isc_create_database() Buffer Overflow (PACKETSTORM:83069). Reporter: Ramon de C Valle. Published: 2009-11-26. Last seen: 2016-12-05. Source: https://packetstormsecurity.com/files/83069/Borland-InterBase-isc_create_database-Buffer-Overflow.html Data source: https://packetstormsecurity.com/files/download/83069/ib_isc_create_database.rb.txt
- Borland InterBase SVC_attach() Buffer Overflow (PACKETSTORM:83227). Reporter: Ramon de C Valle. Published: 2009-11-26. Last seen: 2016-12-05. Source: https://packetstormsecurity.com/files/83227/Borland-InterBase-SVC_attach-Buffer-Overflow.html Data source: https://packetstormsecurity.com/files/download/83227/ib_svc_attach.rb.txt
- Firebird Relational Database SVC_attach() Buffer Overflow (PACKETSTORM:83097). Reporter: Ramon de C Valle. Published: 2009-11-26. Last seen: 2016-12-05. Source: https://packetstormsecurity.com/files/83097/Firebird-Relational-Database-SVC_attach-Buffer-Overflow.html Data source: https://packetstormsecurity.com/files/download/83097/fb_svc_attach.rb.txt
- Borland InterBase isc_attach_database() Buffer Overflow (PACKETSTORM:83151). Reporter: Ramon de C Valle. Published: 2009-11-26. Last seen: 2016-12-05. Source: https://packetstormsecurity.com/files/83151/Borland-InterBase-isc_attach_database-Buffer-Overflow.html Data source: https://packetstormsecurity.com/files/download/83151/ib_isc_attach_database.rb.txt
References
- http://osvdb.org/38605
- http://osvdb.org/38606
- http://osvdb.org/38607
- http://osvdb.org/38608
- http://osvdb.org/38609
- http://risesecurity.org/advisory/RISE-2007002/
- http://risesecurity.org/blog/entry/3/
- http://risesecurity.org/exploit/10/
- http://risesecurity.org/exploit/12/
- http://risesecurity.org/exploit/13/
- http://risesecurity.org/exploit/14/
- http://risesecurity.org/exploit/15/
- http://risesecurity.org/exploit/9/
- http://secunia.com/advisories/27058
- http://www.securityfocus.com/bid/25917
- http://www.securitytracker.com/id?1018772
- http://www.vupen.com/english/advisories/2007/3381
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36956