Update Protection against Borland InterBase Database Service Create-Request Buffer Overflow Vulnerability
| Check Point Reference: | CPAI-2008-060 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA26189 | |
| Industry Reference(s): | CVE-2007-3566 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Borland InterBase 2007 Prior to SP2 | ||
| Vulnerability Description A buffer overflow vulnerability has been reported in Borland InterBase. Borland InterBase is a SQL-92 compliant relational database management system for Linux, Microsoft Windows, and Solaris operating systems. A remote attacker can exploit this issue to cause a denial of service condition or to execute arbitrary code on an affected system. |
||
|
Update/Patch Available Update to Borland InterBase 2007 Service Pack 2: Borland |
|
|
Vulnerability Details The vulnerability is due to a boundary error in Borland InterBase that fails to properly process the payload in CREATE request. An attacker can exploit this vulnerability by specially crafting a malicious CREATE request and sending it to a target service. Successful exploitation of this issue may cause a denial of service condition or allow the attacker to inject and execute arbitrary code on the vulnerable system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block malformed CREATE requests sent to the vulnerable service.
In order for the protection to be activated, update your VPN-1/InterSpect/Connectra product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.