This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a buffer overflow vulnerability in Borland InterBase.
Borland InterBase is a scalable database application available for multiple operating platforms including Windows, Linux, and Solaris.
InterBase is prone to multiple remote buffer-overflow vulnerabilities because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.
These issues affect the following functions:
Reports indicate that some of these functions are affected by multiple memory corruption vulnerabilities and up to twenty issues exist in the application.
Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with SYSTEM-Level privileges. This will result in a complete compromise of affected computers.
Borland InterBase 2007 for Linux and Windows is considered to be vulnerable to these issues.
Some of these issues affect Firebird relational database, which is based on code from Borland Interbase. The following vulnerable functions were identified in Firebird :
INET_connect (Firebird 1.5)
SVC_attach (Firebird 1.5)
isc_attach_database (Firebird 2.0)
isc_create_database (Firebird 2.0)
Firebird versions 1.5.3, 1.5.4, 2.0.0, and 2.0.1 for Linux and Windows are affected by these issues.
- Borland Interbase 2007, 2007 SP2
- Firebird Firebird 1.5.3, 1.5.4, 2.0, 2.0.1
Reports indicate that these issues have been addressed in the latest version of Firebird (Firebird 220.127.116.118-1). Symantec was unable to verify this information and is not aware of any vendor-supplied patches for these issues. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org.