CVE-2013-3563
published 2013-07-04

Priority: P2 60 | high | 7.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 48.22% (98.7th percentile)

Stack-based buffer overflow in db_netserver in Lianja SQL Server before 1.0.0RC5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string to TCP port 8001.

Affected

1 range
Vendor    Product              Version range    Fixed in
lianja    lianja_sql_server    <= 1.0

Detection & IOCs (extracted from sources)

port: 8001/tcp
process: db_netserver
  • Probe/check phase sends the 6-byte string 'db_net' to TCP port 8001; a numeric 4-byte response indicates a vulnerable Lianja SQL db_netserver instance.
  • Exploit payload contains bad character \x01; any TCP/8001 stream to db_netserver that begins with 'db_net' followed by a large crafted buffer (starting with bytes 000052E1) should be treated as an exploitation attempt.
  • Targets are Windows Server 2003 SP1/SP2 and Windows XP SP3 running Lianja SQL 1.0.0RC5.1; privilege level of the spawned db_netserver process is SYSTEM-level (Privileged => true).
  • The exploit uses a ROP chain (StackAdjustment -3500) and the specific ROP gadgets differ between the Windows 2003 and Windows XP SP3 targets; detection rules should not rely solely on payload bytes as they are target-dependent.
  • WfsDelay is set to 20 seconds, meaning the exploit connection may appear idle for up to 20 seconds before the payload executes; short-lived connection timeouts may miss the full attack sequence.
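
The stream checks listed above can be expressed as a small classifier. This is an added example, not code from the advisory or the vendor; the function name, the verdict labels and the 512-byte threshold for "large" are assumptions, and the sample streams are constructed filler.

```python
# Added example: hypothetical names, constructed inputs.
PORT = 8001                          # TCP port named on the page
PREFIX = b"db_net"                   # 6-byte string named on the page
MARKER = bytes.fromhex("000052E1")   # leading buffer bytes named on the page
LARGE_BUFFER = 512                   # ASSUMPTION: the page only says "large"


def classify_stream(dst_port, segments):
    """Classify the client-to-server bytes of one reassembled TCP stream.

    segments: payloads in arrival order; they are joined first because
    'db_net' and the buffer after it can arrive in separate TCP segments.
    Returns (verdict, reasons).
    """
    data = b"".join(segments)
    if dst_port != PORT or not data.startswith(PREFIX):
        return "ignore", []
    rest = data[len(PREFIX):]
    if not rest:
        return "probe", ["bare 6-byte 'db_net' string"]
    reasons = []
    if len(rest) >= LARGE_BUFFER:
        # Size is the target-independent signal; gadget bytes vary per target.
        reasons.append(f"{len(rest)} bytes follow 'db_net'")
    if rest.startswith(MARKER):
        reasons.append("buffer starts with 000052E1")
    verdict = "exploit_attempt" if len(rest) >= LARGE_BUFFER else "review"
    return verdict, reasons


if __name__ == "__main__":
    # Constructed sample streams (filler bytes only).
    samples = {
        "probe": [b"db_net"],
        "oversized": [b"db_net", MARKER + b"A" * 2000],
        "split prefix": [b"db_", b"net", b"B" * 600],
        "short": [b"db_net", b"hello"],
    }
    for name, segs in samples.items():
        print(name, classify_stream(PORT, segs))
```

Because the connection can sit idle for up to 20 seconds, the flow reassembly feeding this function needs an idle timeout longer than that.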