Firebird “fbserver” Service Connect Request Handling Buffer Overflow Vulnerability

Vulnerability has been identified in Firebird, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. This issue is caused by a buffer overflow error in the “fbserver.exe” service (port 3050/TCP) when processing a “connect” request (0x1) with a large “p_cnct_count” value, which could be exploited by remote unauthenticated attackers to crash an affected application or execute arbitrary code with the privileges of the database.

Affected Products

Firebird version 2.0.0

Solution

Upgrade ASAP to Firebird version 2.0.1 :
http://www.firebirdsql.org/index.php?op=files&id=engine_201