Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9323

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-9323
Last Modified 11 May 2015 10:02:02
Published 16 Dec 2014 01:59:14
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9323

Summary

The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.

Vulnerable Systems

Application

  • Firebird 2.1.6

  • Firebird 2.5

  • Firebird 2.5.1

  • Firebird 2.5.2

  • Firebird 2.5.3

  • Firebirdsql Firebird 2.1.6

  • Firebirdsql Firebird 2.5

  • Firebirdsql Firebird 2.5.1

  • Firebirdsql Firebird 2.5.2

  • Firebirdsql Firebird 2.5.3


References

CONFIRM - http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/

CONFIRM - http://tracker.firebirdsql.org/browse/CORE-4630

SUSE - openSUSE-SU-2014:1621

MANDRIVA - MDVSA-2015:172

CONFIRM - http://advisories.mageia.org/MGASA-2014-0523.html


Last Updated: 27 May 2016 11:07:38