PT-2007-6328 · Firebird · Firebird
Published: 2007-10-06 · Updated: 2018-10-15 · CVE-2007-5245
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Firebird LI versions 1.5.3.4870 through 1.5.4.4910
Firebird WI versions 1.5.3.4870 through 1.5.4.4910
Description:
The issue allows remote attackers to execute arbitrary code via a long service attach request on TCP port 3050 to the SVC attach function or unspecified vectors involving the INET connect function. This can be achieved by sending a malicious request to the / endpoint; however, the exact endpoint is not specified.
Recommendations:
For Firebird LI versions 1.5.3.4870 through 1.5.4.4910, consider disabling the SVC attach function and restricting access to the INET connect function until a patch is available.
For Firebird WI versions 1.5.3.4870 through 1.5.4.4910, consider disabling the SVC attach function and restricting access to the INET connect function until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Weakness Enumeration
Related identifiers
Affected products
Firebird