Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5246

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2007-5246
Last Modified 07 Mar 2011 10:00:22
Published 06 Oct 2007 01:17:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5246

Summary

Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and 2.0.1.12855, and WI 2.0.0.12748 and 2.0.1.12855, allow remote attackers to execute arbitrary code via (1) a long attach request on TCP port 3050 to the isc_attach_database function or (2) a long create request on TCP port 3050 to the isc_create_database function.

Vulnerable Systems

Application

  • Firebirdsql Firebird 2.0.0.12748

  • Firebirdsql Firebird 2.0.1.12855


References

VUPEN - ADV-2007-3379

BID - 25917

MISC - http://risesecurity.org/exploit/17/

MISC - http://risesecurity.org/exploit/16/

MISC - http://risesecurity.org/blog/entry/3/

MISC - http://risesecurity.org/advisory/RISE-2007003/

XF - firebird-attach-create-bo(36958)

SECTRACK - 1018773

BID - 25925

BUGTRAQ - 20071004 [RISE-2007003] Firebird Relational Database Multiple Buffer Overflow Vulnerabilities

GENTOO - GLSA-200712-06

SECUNIA - 27982

SECUNIA - 27057

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=195569

MISC - http://www.risesecurity.org/advisory/RISE-2007003/


Last Updated: 27 May 2016 10:49:56