CVE-2007-5244
Published 2007-10-06
Priority P262 · critical · 9.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS 37.50% (98.3th percentile)
Stack-based buffer overflow in Borland InterBase LI 8.0.0.53 through 8.1.0.253 on Linux, and possibly unspecified versions on Solaris, allows remote attackers to execute arbitrary code via a long attach request on TCP port 3050 to the open_marker_file function.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| borland | interbase | — | — |
| borland_software | interbase | — | — |
| borland_software | interbase | — | — |
| borland_software | interbase | — | — |
Detection & IOCs (extracted from sources)
other: RET address 0x0804cbe4 (pop esi; pop ebp; ret) for Borland InterBase LI-V8.0.0.53 / LI-V8.0.0.54 / LI-V8.1.0.253
bytes: opcode 0x52
- Flag any TCP/3050 packet containing opcode 0x52 that is malformed or anomalously large, as this is the specific trigger for the ibserver.exe stack overflow.
- Bad characters used in the exploit payload are \x00\x2f\x3a\x40\x5c; their absence in an otherwise large TCP/3050 attach request body can help confirm a crafted exploit buffer.
- Alert on connections to ibserver.exe (TCP/3050) from external hosts sending an op_attach packet whose data field exceeds normal bounds (legitimate attach requests are far smaller than 1056 bytes).
- The Metasploit module targets only Linux builds of Borland InterBase (LI-V8.0.0.53, LI-V8.0.0.54, LI-V8.1.0.253); the hardcoded RET gadget (0x0804cbe4) is version-specific and will not work against other builds.
- The NVD note indicates possible overlap between CVE-2007-5243, CVE-2007-5244, and CVE-2008-1910; detections built for one CVE may cover the others as they share the same service and port.
GHSA
GHSA-v8gg-m84r-hhqc · CVE-2008-1910 [CRITICAL] CWE-119
ghsa_unreviewed · 2022-05-01 · CVSS 9.3
Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 SP2 allows remote attackers to execute arbitrary code via a malformed opcode 0x52 request to TCP port 3050. NOTE: this might overlap CVE-2007-5243 or CVE-2007-5244.
GHSA
GHSA-9q4h-3qxr-p642 · CVE-2007-5244 [HIGH] CWE-119
ghsa_unreviewed · 2022-05-01
Stack-based buffer overflow in Borland InterBase LI 8.0.0.53 through 8.1.0.253 on Linux, and possibly unspecified versions on Solaris, allows remote attackers to execute arbitrary code via a long attach request on TCP port 3050 to the open_marker_file function.
No detection rules found.
Exploit-DB
Borland Interbase - 'open_marker_file()' Remote Buffer Overflow (Metasploit)
exploitdb · 2010-07-03 · CVE-2007-5244

```ruby
##
# $Id: ib_open_marker_file.rb 9669 2010-07-03 03:13:45Z jduck $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Borland InterBase open_marker_file() Buffer Overflow',
      'Description' => %q{
        This module exploits a stack buffer overflow in Borland InterBase
        by sending a specially crafted attach request.
      },
      'Version'     => '$Revision: 9669 $',
      'Author'      =>
        [
          'ramon',
          'Adriano Lima ',
        ],
      'Arch'        => ARCH_X86,
      'Platform'    => 'linux',
      'References'  =>
        [
          [ 'CVE', '2007-524
```
Exploit-DB
Borland Interbase 2007/2007 SP2 - 'open_marker_file' Remote Buffer Overflow (Metasploit)
exploitdb · 2007-10-03 · CVE-2007-5244

```ruby
##
# $Id$
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Borland InterBase open_marker_file() Buffer Overflow',
      'Description' => %q{
        This module exploits a stack overflow in Borland InterBase
        by sending a specially crafted attach request.
      },
      'Version'     => '$Revision$',
      'Author'      =>
        [
          'ramon',
          'Adriano Lima ',
        ],
      'Arch'        => ARCH_X86,
      'Platform'    => 'linux',
      'References'  =>
        [
          [ 'CVE', '2007-5244' ],
          [ 'OSVDB', '38610' ],
          [ 'BID', '25917' ],
          [ 'URL', 'h
```
Metasploit
Borland InterBase open_marker_file() Buffer Overflow
metasploit
This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted attach request.
No writeups or analysis indexed.
- http://osvdb.org/38610
- http://risesecurity.org/advisory/RISE-2007002/
- http://risesecurity.org/blog/entry/3/
- http://risesecurity.org/exploit/11/
- http://secunia.com/advisories/27058
- http://www.securityfocus.com/bid/25917
- http://www.securitytracker.com/id?1018772
- http://www.vupen.com/english/advisories/2007/3381
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36956