Gentoo Logo

Firebird: Buffer overflow

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200707-01 / firebird
Release Date July 01, 2007
Latest Revision July 01, 2007: 01
Impact high
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
dev-db/firebird < 2.0.1 >= 2.0.1 All supported architectures

Related bugreports: #181811

Synopsis

A vulnerability has been discovered in Firebird, allowing for the execution of arbitrary code.

2.  Impact Information

Background

Firebird is an open source relational database that runs on Linux, Windows, and various UNIX systems.

Description

Cody Pierce from TippingPoint DVLabs has discovered a buffer overflow when processing "connect" requests with an overly large "p_cnct_count" value.

Impact

An unauthenticated remote attacker could send a specially crafted request to a vulnerable server, possibly resulting in the execution of arbitrary code with the privileges of the user running Firebird.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All Firebird users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/firebird-2.0.1"

4.  References

Print

Page updated July 01, 2007

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.