ID KLA10092Type kasperskyReporter Kaspersky LabModified 2020-06-03T00:00:00
Description
Detect date : 04/11/2003
Severity :High
Description :A buffer overflow was found in Borland Interbase. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited locally at a point related to gds_lock_mgr via specially designed environment variables.
Affected products :Borland Interbase Database 6 all versions
Solution :Update to latest version
Impacts :PE
Related products :Borland Interbase
CVE-IDS :CVE-2003-0197 7.2High
{"id": "KLA10092", "type": "kaspersky", "bulletinFamily": "info", "title": "KLA10092 LPE vulnerability in Borland Interbase", "description": "### *Detect date*:\n04/11/2003\n\n### *Severity*:\nHigh\n\n### *Description*:\nA buffer overflow was found in Borland Interbase. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited locally at a point related to gds_lock_mgr via specially designed environment variables.\n\n### *Affected products*:\nBorland Interbase Database 6 all versions\n\n### *Solution*:\nUpdate to latest version\n\n### *Impacts*:\nPE \n\n### *Related products*:\n[Borland Interbase](<https://threats.kaspersky.com/en/product/Borland-Interbase/>)\n\n### *CVE-IDS*:\n[CVE-2003-0197](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0197>)7.2High", "published": "2003-04-11T00:00:00", "modified": "2020-06-03T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10092/", "reporter": "Kaspersky Lab", "references": ["https://threats.kaspersky.com/en/product/Borland-Interbase/", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0197", "https://statistics.securelist.com/vulnerability-scan/month"], "cvelist": ["CVE-2003-0197"], "immutableFields": [], "lastseen": "2021-08-18T11:34:14", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2003-0197"]}, {"type": "osvdb", "idList": ["OSVDB:10831"]}], "modified": "2021-08-18T11:34:14", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-08-18T11:34:14", "rev": 2}, "vulnersScore": 6.4}}
{"cve": [{"id": "CVE-2003-0197", "vendorId": null, "hash": "6fd0c39e49c81448e9a978efe363fe22", "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2003-0197", "description": "Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).", "published": "2003-04-11T04:00:00", "modified": "2016-10-18T02:30:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0197", "reporter": "cve@mitre.org", "references": ["http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0003.html", "http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt", "http://marc.info/?l=bugtraq&m=104940730819887&w=2"], "cvelist": ["CVE-2003-0197"], "immutableFields": [], "lastseen": "2021-04-21T20:24:12", "history": [{"bulletin": {"id": "CVE-2003-0197", "vendorId": null, "hash": "b14c6c30b141d08d225abb3bf00637bcc7fc163ee1f0beea91c1afaef9b5c57b", "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2003-0197", "description": "Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).", "published": "2003-04-11T04:00:00", "modified": "2016-10-18T02:30:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0197", "reporter": "cve@mitre.org", "references": ["http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0003.html", "http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt", "http://marc.info/?l=bugtraq&m=104940730819887&w=2"], "cvelist": ["CVE-2003-0197"], "immutableFields": [], "lastseen": "2019-05-29T18:07:57", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2019-05-29T18:07:57", "references": [{"idList": ["KLA10092"], "type": "kaspersky"}, {"idList": ["OSVDB:10831"], "type": "osvdb"}], "rev": 2}, "score": {"modified": "2019-05-29T18:07:57", "rev": 2, "value": 6.4, "vector": "NONE"}}, "objectVersion": "1.6", "cpe": ["cpe:/a:borland_software:interbase:6.5", "cpe:/a:borland_software:interbase:6.4", "cpe:/a:borland_software:interbase:6.0", "cpe:/a:firebirdsql:firebird:1.0.2"], "cpe23": ["cpe:2.3:a:borland_software:interbase:6.5:*:*:*:*:*:*:*", "cpe:2.3:a:firebirdsql:firebird:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:borland_software:interbase:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:borland_software:interbase:6.4:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "affectedSoftware": [{"name": "firebirdsql firebird", "operator": "eq", "version": "1.0.2"}, {"name": "borland_software interbase", "operator": "eq", "version": "6.5"}, {"name": "borland_software interbase", "operator": "eq", "version": "6.0"}, {"name": "borland_software interbase", "operator": "eq", "version": "6.4"}], "affectedConfiguration": [], "cpeConfiguration": {}, "extraReferences": []}, "differentElements": ["affectedSoftware"], "edition": 1, "lastseen": "2019-05-29T18:07:57"}, {"bulletin": {"id": "CVE-2003-0197", "vendorId": null, "hash": "e50f0ea668e0ccb741b76d0dd6ba32bdc42572a3a2bf56f6cc0e44b15f496ec9", "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2003-0197", "description": "Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).", "published": "2003-04-11T04:00:00", "modified": "2016-10-18T02:30:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0197", "reporter": "cve@mitre.org", "references": ["http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0003.html", "http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt", "http://marc.info/?l=bugtraq&m=104940730819887&w=2"], "cvelist": ["CVE-2003-0197"], "immutableFields": [], "lastseen": "2020-10-03T11:33:02", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2020-10-03T11:33:02", "references": [{"idList": ["KLA10092"], "type": "kaspersky"}, {"idList": ["OSVDB:10831"], "type": "osvdb"}], "rev": 2}, "score": {"modified": "2020-10-03T11:33:02", "rev": 2, "value": 6.4, "vector": "NONE"}}, "objectVersion": "1.6", "cpe": ["cpe:/a:borland_software:interbase:6.5", "cpe:/a:borland_software:interbase:6.4", "cpe:/a:borland_software:interbase:6.0", "cpe:/a:firebirdsql:firebird:1.0.2"], "cpe23": ["cpe:2.3:a:borland_software:interbase:6.5:*:*:*:*:*:*:*", "cpe:2.3:a:firebirdsql:firebird:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:borland_software:interbase:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:borland_software:interbase:6.4:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "affectedSoftware": [{"cpeName": "borland_software:interbase", "name": "borland software interbase", "operator": "eq", "version": "6.5"}, {"cpeName": "firebirdsql:firebird", "name": "firebirdsql firebird", "operator": "eq", "version": "1.0.2"}, {"cpeName": "borland_software:interbase", "name": "borland software interbase", "operator": "eq", "version": "6.0"}, {"cpeName": "borland_software:interbase", "name": "borland software interbase", "operator": "eq", "version": "6.4"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:borland_software:interbase:6.5:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:borland_software:interbase:6.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:firebirdsql:firebird:1.0.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:borland_software:interbase:6.4:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": []}, "differentElements": ["extraReferences"], "edition": 3, "lastseen": "2020-10-03T11:33:02"}, {"bulletin": {"id": "CVE-2003-0197", "vendorId": null, "hash": "0ab1008042e9dcf8747dfed954efd30eef0e5a722a4aa407cef65188711d0125", "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2003-0197", "description": "Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).", "published": "2003-04-11T04:00:00", "modified": "2016-10-18T02:30:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0197", "reporter": "cve@mitre.org", "references": ["http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0003.html", "http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt", "http://marc.info/?l=bugtraq&m=104940730819887&w=2"], "cvelist": ["CVE-2003-0197"], "immutableFields": [], "lastseen": "2020-09-21T13:47:14", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2020-09-21T13:47:14", "references": [{"idList": ["KLA10092"], "type": "kaspersky"}, {"idList": ["OSVDB:10831"], "type": "osvdb"}], "rev": 2}, "score": {"modified": "2020-09-21T13:47:14", "rev": 2, "value": 6.4, "vector": "NONE"}}, "objectVersion": "1.6", "cpe": ["cpe:/a:borland_software:interbase:6.5", "cpe:/a:borland_software:interbase:6.4", "cpe:/a:borland_software:interbase:6.0", "cpe:/a:firebirdsql:firebird:1.0.2"], "cpe23": ["cpe:2.3:a:borland_software:interbase:6.5:*:*:*:*:*:*:*", "cpe:2.3:a:firebirdsql:firebird:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:borland_software:interbase:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:borland_software:interbase:6.4:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "affectedSoftware": [{"cpeName": "borland_software:interbase", "name": "borland software interbase", "operator": "eq", "version": "6.5"}, {"cpeName": "firebirdsql:firebird", "name": "firebirdsql firebird", "operator": "eq", "version": "1.0.2"}, {"cpeName": "borland_software:interbase", "name": "borland software interbase", "operator": "eq", "version": "6.0"}, {"cpeName": "borland_software:interbase", "name": "borland software interbase", "operator": "eq", "version": "6.4"}], "affectedConfiguration": [], "cpeConfiguration": {}, "extraReferences": []}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T13:47:14"}, {"bulletin": {"id": "CVE-2003-0197", "vendorId": null, "hash": "714900e9ce8488c76a127f1227203008f79011a965340f92060cc0dde6533def", "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2003-0197", "description": "Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).", "published": "2003-04-11T04:00:00", "modified": "2016-10-18T02:30:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0197", "reporter": "cve@mitre.org", "references": ["http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0003.html", "http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt", "http://marc.info/?l=bugtraq&m=104940730819887&w=2"], "cvelist": ["CVE-2003-0197"], "immutableFields": [], "lastseen": "2021-02-02T05:22:09", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2021-02-02T05:22:09", "references": [{"idList": ["KLA10092"], "type": "kaspersky"}, {"idList": ["OSVDB:10831"], "type": "osvdb"}], "rev": 2}, "score": {"modified": "2021-02-02T05:22:09", "rev": 2, "value": 6.4, "vector": "NONE"}}, "objectVersion": "1.6", "cpe": ["cpe:/a:borland_software:interbase:6.5", "cpe:/a:borland_software:interbase:6.4", "cpe:/a:borland_software:interbase:6.0", "cpe:/a:firebirdsql:firebird:1.0.2"], "cpe23": ["cpe:2.3:a:borland_software:interbase:6.5:*:*:*:*:*:*:*", "cpe:2.3:a:firebirdsql:firebird:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:borland_software:interbase:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:borland_software:interbase:6.4:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "affectedSoftware": [{"cpeName": "borland_software:interbase", "name": "borland software interbase", "operator": "eq", "version": "6.5"}, {"cpeName": "firebirdsql:firebird", "name": "firebirdsql firebird", "operator": "eq", "version": "1.0.2"}, {"cpeName": "borland_software:interbase", "name": "borland software interbase", "operator": "eq", "version": "6.0"}, {"cpeName": "borland_software:interbase", "name": "borland software interbase", "operator": "eq", "version": "6.4"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:borland_software:interbase:6.5:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:borland_software:interbase:6.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:firebirdsql:firebird:1.0.2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:borland_software:interbase:6.4:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory", "Exploit"], "url": "http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt"}, {"name": "20030403 SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow", "refsource": "BUGTRAQ", "tags": [], "url": "http://marc.info/?l=bugtraq&m=104940730819887&w=2"}, {"name": "20030403 SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow", "refsource": "VULNWATCH", "tags": [], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0003.html"}]}, "different_elements": ["cpeConfiguration"], "edition": 4, "lastseen": "2021-02-02T05:22:09"}], "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "kaspersky", "idList": ["KLA10092"]}, {"type": "osvdb", "idList": ["OSVDB:10831"]}], "modified": "2021-04-21T20:24:12", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-04-21T20:24:12", "rev": 2}}, "objectVersion": "1.6", "cpe": ["cpe:/a:borland_software:interbase:6.5", "cpe:/a:borland_software:interbase:6.4", "cpe:/a:borland_software:interbase:6.0", "cpe:/a:firebirdsql:firebird:1.0.2"], "cpe23": ["cpe:2.3:a:borland_software:interbase:6.5:*:*:*:*:*:*:*", "cpe:2.3:a:firebirdsql:firebird:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:borland_software:interbase:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:borland_software:interbase:6.4:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "affectedSoftware": [{"cpeName": "borland_software:interbase", "name": "borland software interbase", "operator": "eq", "version": "6.5"}, {"cpeName": "firebirdsql:firebird", "name": "firebirdsql firebird", "operator": "eq", "version": "1.0.2"}, {"cpeName": "borland_software:interbase", "name": "borland software interbase", "operator": "eq", "version": "6.0"}, {"cpeName": "borland_software:interbase", "name": "borland software interbase", "operator": "eq", "version": "6.4"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:borland_software:interbase:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:firebirdsql:firebird:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:borland_software:interbase:6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:borland_software:interbase:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory", "Exploit"], "url": "http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt"}, {"name": "20030403 SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow", "refsource": "BUGTRAQ", "tags": [], "url": "http://marc.info/?l=bugtraq&m=104940730819887&w=2"}, {"name": "20030403 SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow", "refsource": "VULNWATCH", "tags": [], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0003.html"}], "_object_type": "robots.models.cve.CveBulletin", "_object_types": ["robots.models.cve.CveBulletin", "robots.models.base.Bulletin"]}]}
