Lucene search
Gentoo FoundationGLSA-200707-01HistoryJul 01, 2007 - 12:00 a.m.
Firebird: Buffer overflow
2007-07-0100:00:00
Gentoo Foundation
security.gentoo.org
14
0.327 Low
EPSS
Percentile
97.0%
Background
Firebird is an open source relational database that runs on Linux, Windows, and various UNIX systems.
Description
Cody Pierce from TippingPoint DVLabs has discovered a buffer overflow when processing “connect” requests with an overly large “p_cnct_count” value.
Impact
An unauthenticated remote attacker could send a specially crafted request to a vulnerable server, possibly resulting in the execution of arbitrary code with the privileges of the user running Firebird.
Workaround
There is no known workaround at this time.
Resolution
All Firebird users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/firebird-2.0.1"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | dev-db/firebird | < 2.0.1 | UNKNOWN |
Related
openvas
openvas
Gentoo Security Advisory GLSA 200707-01 (firebird)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200707-01 (firebird)
2008-09-24 00:00:00
cvelist
cvelist
CVE-2007-3181
2007-06-12 23:00:00
ubuntucve
ubuntucve
CVE-2007-3181
2007-06-12 00:00:00
prion
prion
Buffer overflow
2007-06-12 23:30:00
cve
cve
CVE-2007-3181
2007-06-12 23:30:00
securityvulns
securityvulns
Firebird database server buffer overflow
2007-07-02 00:00:00
[Full-disclosure] [ GLSA 200707-01 ] Firebird: Buffer overflow
2007-07-02 00:00:00
nessus
nessus
GLSA-200707-01 : Firebird: Buffer overflow
2007-07-02 00:00:00
Firebird DataBase Server fbserver.exe p_cnct_count Value Remote Overflow
2007-06-13 00:00:00
Debian DSA-1529-1 : firebird -- multiple vulnerabilities
2008-03-28 00:00:00
debian
debian
[SECURITY] [DSA 1529-1] New Firebird packages fix several vulnerabilities
2008-03-27 11:35:16