Intrusion Prevention

Firebird.Database.XDR.Protocol.Memory.Corruption

Description

This indicates an attempt to exploit a memory corruption vulnerability in Firebird SQL.
There is a vulnerability in Firebird SQL that may allow remote attackers to trigger memory corruption. It can be exploited via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, or (6) op_start_send_and_receive XDR requests.

Affected Products

Firebird SQL 1.0.3 and before.
Firebird SQL 1.5.5 and before.
Firebird SQL 2.0.3 and before.
Firebird SQL 2.1.0 Beta 2 and before.

Impact

System Compromise: remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version.
Firebird SQL 1.5.6 (to be released)
Firebird SQL 2.0.4 (to be released)
Firebird SQL 2.1.0 RC1

CVE References

CVE-2008-0387