CVE-2004-2043
published 2004-05-01CVE-2004-2043: Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote…
PriorityP423medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
11.87%
95.6th percentile
Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| borland_software | interbase | — | — |
| borland_software | interbase | — | — |
| borland_software | interbase | — | — |
| borland_software | interbase | — | — |
| borland_software | interbase | — | — |
| borland_software | interbase | — | — |
| borland_software | interbase | — | — |
| borland_software | interbase_superserver | — | — |
| firebirdsql | firebird | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Borland Interbase 7.x - Remote Buffer Overflow
exploitdb·2004-06-25
CVE-2004-2043 Borland Interbase 7.x - Remote Buffer Overflow
Borland Interbase 7.x - Remote Buffer Overflow
---
#!/usr/bin/perl
# Priv8security com remote exploit for Borland Interbase 7.1 SP 2 and lower
# Public Version!!!
#
# Bug found by Aviram Jenik www.securiteam.com unixfocus 5AP0P0UCUO.html
#
# [wsxz@localhost buffer]$ perl priv8ibserverb.pl -h localhost -t 0
#
# -=[ Priv8security.com InterBase Server 7.1 SP2 and lower remote exploit ]=-
#
# [+] Using target 0: Linux Interbase 7.1 SP 2
# [+] Sending first buffer... d0ne!
# [+] Waiting... Got awnser!
# [+] Sending final hit... Done!
# [+] Enjoy your stay on this server =)
#
# ****** Welcome to 'localhost' ******
#
# Linux localhost 2.4.21-0.27mdk #1 Wed Jan 7 03:44:18 MST 2004 i686 unknown
# unknown GNU/Linux
# uid=0(root) gid=0(root) groups=0(root)
#
use IO::Socket;
use Getopt::Std; getopts
Exploit-DB
Firebird 1.0 - Remote Database Name Buffer Overrun
exploitdb·2004-06-01
CVE-2004-2043 Firebird 1.0 - Remote Database Name Buffer Overrun
Firebird 1.0 - Remote Database Name Buffer Overrun
---
source: https://www.securityfocus.com/bid/10446/info
Firebird is reported prone to a remote buffer-overrun vulnerability. The issue occurs because the application fails to perform sufficient boundary checks when the database server is handling database names.
A remote attacker may exploit this vulnerability, without requiring valid authentication credentials, to influence the execution flow of the affected Firebird database server. Ultimately, this may lead to the execution of attacker-supplied code in the context of the affected software.
#!/usr/bin/perl
# Priv8security com remote exploit for Borland Interbase 7.1 SP 2 and lower
# Public Version!!!
#
# Bug found by Aviram Jenik www.securiteam.com unixfocus 5AP0P0UCUO.html
#
# [ws
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0027.htmlhttp://marc.info/?l=bugtraq&m=108611386202493&w=2http://secunia.com/advisories/11756http://secunia.com/advisories/19350http://securitytracker.com/id?1010381http://www.debian.org/security/2006/dsa-1014http://www.osvdb.org/6408http://www.osvdb.org/6624http://www.securiteam.com/unixfocus/5AP0P0UCUO.htmlhttp://www.securityfocus.com/bid/10446https://exchange.xforce.ibmcloud.com/vulnerabilities/16229https://exchange.xforce.ibmcloud.com/vulnerabilities/16316http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0027.htmlhttp://marc.info/?l=bugtraq&m=108611386202493&w=2http://secunia.com/advisories/11756http://secunia.com/advisories/19350http://securitytracker.com/id?1010381http://www.debian.org/security/2006/dsa-1014http://www.osvdb.org/6408http://www.osvdb.org/6624http://www.securiteam.com/unixfocus/5AP0P0UCUO.htmlhttp://www.securityfocus.com/bid/10446https://exchange.xforce.ibmcloud.com/vulnerabilities/16229https://exchange.xforce.ibmcloud.com/vulnerabilities/16316
2004-05-01
Published