mailing list archives
Re: Exploit module in metasploit
From: "Joshua J. Drake" <jdrake () metasploit com>
Date: Fri, 16 Apr 2010 11:29:07 -0500
On Fri, Apr 16, 2010 at 11:23:08AM -0300, David Guimaraes wrote:
I wonder if there is any module(or intend to make) in metasploit that
exploits CVE-2007-3181 (Vulnerability in Firebird/Interbase). This
vulnerability is a buffer overflow in Firebird SQL 2 (fbserver.exe) that
allows remote attackers to execute arbitrary code.
Despite being an old vulnerability (2007), in an old version (firebird <
2.0.1), there are still many unpatched machines. In a scanning pentest
conducted in an organization through Nessus, I was able to locate several
machines that has this vulnerability, however, I could not find any
Any help is welcome. Thank you.
That CVE (2007-3181) is not currently on the TODO list. However, you
may want to investigate the various InterBase modules, including
From memory, those vulnerabilities in InterBase were due to a bundled
version of the Firebird Database.
I filed a ticket in the MSF Redmine to track clarifying etc. It is
Joshua J. Drake