| Subject | Security Alert |
|---|---|
| Author | Ann W. Harrison |
| Post date | 2001-01-10T04:04:19Z |
The Firebird project uncovered serious security problems
with InterBase. The problems are fixed in Firebird build
0.9.4 for all platforms. If you are running either InterBase
V6 or Firebird 0.9.3, you should upgrade to Firebird 0.9.4.
These security holes affect all version of InterBase shipped
since 1994, on all platforms.
For those who can not upgrade, Jim Starkey developed a patch
program that will correct the more serious problems in any
version of InterBase on any platform. IBPhoenix chose to
release the program without charge, given the nature of the
problem and our relationship to the community.
We will make the patch program available to the larger
user community soon, but are offering it now to members
of the IB_Support list. At the moment, name service is
not set up to the machine that is hosting the patch, so
you'll have to use the IP number both for the initial
contact and for the ftp download.
To start, point your browser at http://64.55.62.15/.
In the download instructions you receive, replace the
(relatively) intelligible string "firebird.ibphoenix.com"
with 64.55.62.15.
Look for an advisory from CERT (www.cert.org) tomorrow.
Regards,
Ann
with InterBase. The problems are fixed in Firebird build
0.9.4 for all platforms. If you are running either InterBase
V6 or Firebird 0.9.3, you should upgrade to Firebird 0.9.4.
These security holes affect all version of InterBase shipped
since 1994, on all platforms.
For those who can not upgrade, Jim Starkey developed a patch
program that will correct the more serious problems in any
version of InterBase on any platform. IBPhoenix chose to
release the program without charge, given the nature of the
problem and our relationship to the community.
We will make the patch program available to the larger
user community soon, but are offering it now to members
of the IB_Support list. At the moment, name service is
not set up to the machine that is hosting the patch, so
you'll have to use the IP number both for the initial
contact and for the ftp download.
To start, point your browser at http://64.55.62.15/.
In the download instructions you receive, replace the
(relatively) intelligible string "firebird.ibphoenix.com"
with 64.55.62.15.
Look for an advisory from CERT (www.cert.org) tomorrow.
Regards,
Ann