Borland Software: >> Interbase Security Vulnerabilities
Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 through 8.1.0.253, and WI 5.1.1.680 through 8.1.0.257, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the (a) SVC_attach or (b) INET_connect function, (2) a long create request on TCP port 3050 to the (c) isc_create_database or (d) jrd8_create_database function, (3) a long attach request on TCP port 3050 to the (e) isc_attach_database or (f) PWD_db_aliased function, or unspecified vectors involving the (4) jrd8_attach_database or (5) expand_filename2 function.
CVSS Score
9.3
EPSS Score
0.816
Published
2007-10-06
Stack-based buffer overflow in Borland InterBase LI 8.0.0.53 through 8.1.0.253 on Linux, and possibly unspecified versions on Solaris, allows remote attackers to execute arbitrary code via a long attach request on TCP port 3050 to the open_marker_file function.
CVSS Score
9.3
EPSS Score
0.763
Published
2007-10-06
Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 before SP2 allows remote attackers to execute arbitrary code via a long size value in a create request to port 3050/tcp.
CVSS Score
7.5
EPSS Score
0.725
Published
2007-07-26
Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.
CVSS Score
5.0
EPSS Score
0.489
Published
2004-05-01
The admin.ib file in Borland Interbase 7.1 for Linux has default world writable permissions, which allows local users to gain database administrative privileges.
CVSS Score
7.5
EPSS Score
0.004
Published
2004-03-20
Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).
CVSS Score
7.2
EPSS Score
0.001
Published
2003-04-11
gds_lock_mgr in Borland InterBase allows local users to overwrite files and gain privileges via a symlink attack on a "isc_init1.X" temporary file, as demonstrated by modifying the xinetdbd file.
CVSS Score
7.2
EPSS Score
0.001
Published
2003-04-02
Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_drop, (2) gds_lock_mgr, or (3) gds_inet_server.
CVSS Score
4.6
EPSS Score
0.002
Published
2002-12-31
Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures.
CVSS Score
10.0
EPSS Score
0.275
Published
2001-02-12