Subject Re: [ib-support] Exploits/Vulnerabilities
Author John Bellardo
On Wednesday, September 25, 2002, at 04:42 PM, William L. Thomson Jr.

> [...]
> Recently I saw a post on a Cobalt security list showing forwarded
> message about an exploit in IB 6 I believe CS.

Yes, the exploit only works on CS. It is a local exploit, meaning the
attacker needs pre-existing shell access to the machine.

> [...]
> I am just looking for confirmation on whether they exist or not for
> Firebird. I would test myself, but I do not want to play around looking
> for a problem that has already been resolved. I can however if others
> are unsure.
> [...]

After reading the code, I assume it will work on FB as well. The
exploit takes advantage of the lock manager process. Keep in mind that
not all platforms use that process, and those that don't will not be
vulnerable to this attack.