Vulnerability CVE-2008-0387


Published: 2008-01-28   Modified: 2012-02-12

Description:
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Firebird Remote Memory Corruption
Damian Frizza
28.01.2008

Type:

CWE-189

(Numeric Errors)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Firebirdsql -> Firebird 

 References:
http://security.gentoo.org/glsa/glsa-200803-02.xml
http://securityreason.com/securityalert/3580
http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800
http://tracker.firebirdsql.org/browse/CORE-1681
http://www.coresecurity.com/?action=item&id=2095
http://www.debian.org/security/2008/dsa-1529
http://www.securityfocus.com/archive/1/487173/100/0/threaded
http://www.securityfocus.com/bid/27403
https://exchange.xforce.ibmcloud.com/vulnerabilities/39996

Copyright 2024, cxsecurity.com

 

Back to Top