Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0387

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2008-0387
Last Modified 05 Sep 2008 05:34:56
Published 28 Jan 2008 09:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0387

Summary

Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.

Vulnerable Systems

Application

  • Firebirdsql Firebird 1.0.3

  • Firebirdsql Firebird 1.5.5

  • Firebirdsql Firebird 2.0.3

  • Firebirdsql Firebird 2.1 Beta


References

MISC - http://www.coresecurity.com/?action=item&id=2095

BID - 27403

BUGTRAQ - 20080128 CORE-2007-1219: Firebird Remote Memory Corruption

CONFIRM - http://tracker.firebirdsql.org/browse/CORE-1681

XF - firebird-xdrprotocol-integer-overflow(39996)

DEBIAN - DSA-1529

CONFIRM - http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800

SREASON - 3580

GENTOO - GLSA-200803-02

SECUNIA - 29501

SECUNIA - 29203


Last Updated: 27 May 2016 10:46:47