Lucene search

Gentoo FoundationGLSA-200405-18

HistoryMay 23, 2004 - 12:00 a.m.

Buffer Overflow in Firebird

2004-05-2300:00:00

Gentoo Foundation

security.gentoo.org

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Background

Firebird is an open source relational database that runs on Linux, Windows, and various UNIX systems.

Description

A buffer overflow exists in three Firebird binaries (gds_inet_server, gds_lock_mgr, and gds_drop) that is exploitable by setting a large value to the INTERBASE environment variable.

Impact

An attacker could control program execution, allowing privilege escalation to the UID of Firebird, full access to Firebird databases, and trojaning the Firebird binaries. An attacker could use this to compromise other user or root accounts.

Workaround

There is no known workaround.

Resolution

All users should upgrade to the latest version of Firebird:

 # emerge sync
 
 # emerge -pv "&gt;=dev-db/firebird-1.5"
 # emerge "&gt;=dev-db/firebird-1.5"

OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-db/firebird< 1.5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	dev-db/firebird	< 1.5	UNKNOWN

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for GLSA-200405-18