Bug #1706
Clarification is needed around the InterBase and Firebird exploit modules
| Status: | Closed | Start date: | 04/16/2010 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | Ramon de C Valle | % Done: | 0% |
|
| Category: | modules - exploits | |||
| Target version: | - | |||
| Resolution: | Release Note: |
Description
From my memory, many of the vulnerabilities reported in InterBase were due to a bundled version of Firebird. In those cases, the modules should be for Firebird and simply reference InterBase as having bundled it.
Additionally, we should check whether we need to develop an exploit for CVE-2007-3181 or if one of the other existing modules covers that case.
History
Updated by Ramon de C Valle almost 2 years ago
The modules for InterBase only work for versions of InterBase, not Firebird. I have not developed a module for CVE-2007-3181, however, the modules for CVE-2007-5243 include the versions of Firebird vulnerable to CVE-2007-3181 and probably can be used.
The following is the list of modules:
modules/exploit/windows/misc/fb_isc_attach_database
modules/exploit/windows/misc/fb_isc_create_database
modules/exploit/windows/misc/fb_svc_attach
-Ramon
Joshua Drake wrote:
From my memory, many of the vulnerabilities reported in InterBase were due to a bundled version of Firebird. In those cases, the modules should be for Firebird and simply reference InterBase as having bundled it.
Additionally, we should check whether we need to develop an exploit for CVE-2007-3181 or if one of the other existing modules covers that case.
Updated by Ramon de C Valle almost 2 years ago
- Status changed from Assigned to Closed
Updated by Joshua J. Drake about 1 year ago
- Category changed from 9 to modules - exploits