Subject Re: [firebird-support] Vulnerability
Author Carlos Mazariegos

The vulnerability that reported Palo Alto is:
  • Unique Threat Id: 31633
  • Descriptión: Ther exists a buffer overflow vulnerability in Borland Interbase server.  The vulnerability is due to lack of boundary protection while processing Connect Requests (Opcode 0x01).  A remote unauthenticated attacker can send a crafted request to the target host to exploid this vulnerability.  Succesful attack could allow for arbitrary code being ijected an executed with the privileges of the affected services, which is normally System on Windows platforms.
  • Category: overflow
  • Severity: critical
  • Action: reset-server
  • First Release: 107 (2009-02-06 UTC)
  • Last update: 228 (2011-01-17 UTC)
  • Reference:
Thank you for 


El lun., 26 de sep. de 2016 a la(s) 23:59, Mark Rotteveel mark@... [firebird-support] <> escribió:

On 26-9-2016 22:56, Carlos Mazariegos carlosemazariegosa@...

[firebird-support] wrote:
> I understand firebird is not equal interbase,
> but the problem is that the Firewall Palo Alto,
> Palo Alto detected the vulnerability with my application, which is built
> with:

It didn't detect the vulnerability, it likely just detected that you
used the Firebird protocol and matched that with one of the known and
fixed vulnerabilities. You really need to be more specific, did it say
which vulnerability it detected (which CVE)?

> * Java EE 7
> * Glassfish 4.1
> * Firebird Superserver 2.5.5.

> researching on the internet I found that firebird has had buffer
> overflow vulnerability. My question is:
> Firebird presents the vulnerability of "buffer overflow"?

The term "buffer overflow" is very generic, and Firebird has had a few
in previous versions. As far as I am aware, there are no known
vulnerabilities in 2.5.5.

You might want to contact the vendor of Firewall Palo Alto to specify
which vulnerability they detected.

Mark Rotteveel

Carlos Mazariegos