Attacker Value
Moderate
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2013-2492

Disclosure Date: March 15, 2013
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.

Add Assessment

1
Ratings
  • Attacker Value
    Medium
  • Exploitability
    Very High
Technical Analysis

The FirebirdSQL server is vulnerable to a stack buffer overflow that can be triggered when an unauthenticated user sends a specially crafted packet. The result can lead to remote code execution as the user which runs the FirebirdSQL server.

A lack of ASLR in some modules makes exploiting this vulnerability easier as memory locations do not need to be leaked. If the service crashes, it will automatically be restarted in the default configuration.

General Information

Technical Analysis