Subject RE: [firebird-support] Firebird Vulnerability To Exploits - Port 3050
Author Leyne, Sean
Jack,

> My webmaster brought something up in our development meeting regarding
> the use of Firebird over a network. Specifically, vulnerability to
> exploits across a network. Here is an example:
>
> "This module exploits a buffer overflow vulnerability in the database
> service (fbserver.exe) of the FireBird SQL application. The exploit
> triggers a stack-based buffer overflow by sending a specially crafted
> "create" request to port 3050/TCP of the vulnerable system and
> installs an agent if successful." This is something that actually
> exists on the Internet. (Will not publish the site this is found on.)

In addition to the suggestions which Steve and Alexandre have made, I
should also point out that the Firebird project takes all security
vulnerabilities very seriously.

To that end, the project issues maintenance releases for older versions
when the vulnerability is found to be of sufficient severity to warrant it.

I believe that it is safe to say that the above report relates to an old
FB version and has since been addressed -- this is an obvious attack.

If you have specific concerns, I would invite you to post a message to
the project Admins mailing list (firebird-admins@...)
-- please include the site URL -- and they will respond accordingly.


Sean Leyne
Firebird Project Admin Team Member