Firebird username buffer overflow

2008-02-11T00:00:00
ID SAINT:DC2F14A0CB00C4CD547E686D52132CB4
Type saint
Reporter SAINT Corporation
Modified 2008-02-11T00:00:00

Description

Added: 02/11/2008
CVE: CVE-2008-0467
BID: 27467
OSVDB: 40924

Background

Firebird is a freely available relational database which is available for multiple platforms.

Problem

A buffer overflow vulnerability in Firebird allows remote, unauthenticated attackers to execute arbitrary commands by sending a long, specially crafted username.

Resolution

Upgrade to Firebird 2.1 RC1 or higher.

References

<http://secunia.com/advisories/28596>

Limitations

Exploit works on Firebird 2.0.3.

Platforms

Windows 2000
Windows Server 2003