A security hole has been discovered in Borland/Inprise database InterBase, which could allow malicious attacks on InterBase users' data and servers.
The security hole originates from a back door left in the server by one of the Borland/Inprise developers, and affects InterBase versions four through six, or all versions on all platforms shipped since 1994.
The password "correct" gives hackers access to the database through the Internet or locally, and will allow them to manipulate objects in the database.
Due to the stored procedural nature of the database, malicious code can be uploaded and executed on the host machine, and if the database software is running with root privileges, any file on the server can be overwritten, which could lead to the ability to execute code as root.
According to the Carnegie Mellon Software Engineering Institute, the back door account cannot be closed through normal operational commands, nor can it be deleted from existing servers. Borland/Inprise has released a patch for the back door on its site for InterBase on Windows, HP-UX, Linux, Solaris and SCO platforms.
Another option is to block the default InterBase port, 3050/tcp, which will protect data from external hacks, but the database will still be vulnerable to attacks from within the firewall. Note that the port may also be assigned dynamically on start-up, so blocking 3050/tcp alone is not a complete safeguard.
Borland's Web site carries the following message regarding the security hole: "We hope this causes as little inconvenience as possible. Knowing software is not error free we understand that anomalies will occur. We are dedicated to correcting them as quickly and efficiently as possible."
Borland South Africa was not available for comment at the time of publication.