Firebird Relational Database CNCT Group Number Buffer Overflow Vulnerability (Win)

Summary
This host is running Firebird server and is prone to a buffer overflow vulnerability.
Impact
Successful exploitation will allow remote attackers to cause a denial of service condition.
Impact Level: Application
Solution
Upgrade Firebird to 2.1.5 Update 1, 2.5.2 Update 1, 2.5.3, 2.1.6 or later. For updates, refer to http://www.firebirdsql.org
Insight
The flaw lies in the handling of a group number extracted from the CNCT information, which is sent by the client and whose size is not properly checked.
Affected
Firebird Server version 2.1.3 to 2.1.5 before 18514 and 2.5.1 to 2.5.3 before 26623 on Windows