7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.862 High
EPSS
Percentile
98.6%
Added: 07/26/2007
CVE: CVE-2007-3566
BID: 25048
OSVDB: 38602
Borland Interbase is a database solution for Windows, Linux, and Solaris platforms.
A buffer overflow in the database service, **ibserver.exe**
, allows remote attackers to execute arbitrary commands by sending a specially crafted create request to port 3050/TCP.
Apply Interbase 2007 Service Pack 2.
<http://www.securityfocus.com/archive/1/474561>
Exploit works on Borland Interbase 2007 SP1 V8.0.0.123 on Windows and Borland Interbase 2007 V8.0.0.97 on Red Hat Enterprise Linux 4 Update 1.
When target platform is Linux with Exec-Shield, the target must have the following utilities installed: nc, nc6 (if using IPv6), mkfifo, sh.
Windows 2000
Windows Server 2003
Linux without Exec-Shield
Linux