Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2013-2492
Last Modified: 14 May 2013 11:36:13
Published: 15 Mar 2013 06:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2013-2492

Summary

Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.

Vulnerable Systems

Application

  • Firebirdsql Firebird 2.1.3

  • Firebirdsql Firebird 2.1.4

  • Firebirdsql Firebird 2.1.5

  • Firebirdsql Firebird 2.5.1

  • Firebirdsql Firebird 2.5.2

  • Firebirdsql Firebird 2.5.3


References

MISC - https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb

MISC - https://gist.github.com/zeroSteiner/85daef257831d904479c

CONFIRM - http://tracker.firebirdsql.org/browse/CORE-4058

DEBIAN - DSA-2647

SUSE - openSUSE-SU-2013:0504

SUSE - openSUSE-SU-2013:0496

DEBIAN - DSA-2648


Last Updated: 27 May 2016 11:02:04