Gentoo Logo

Firebird: Buffer overflow


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200707-01 / firebird
Release Date July 01, 2007
Latest Revision July 01, 2007: 01
Impact high
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
dev-db/firebird < 2.0.1 >= 2.0.1 All supported architectures

Related bugreports: #181811


A vulnerability has been discovered in Firebird, allowing for the execution of arbitrary code.

2.  Impact Information


Firebird is an open source relational database that runs on Linux, Windows, and various UNIX systems.


Cody Pierce from TippingPoint DVLabs has discovered a buffer overflow when processing "connect" requests with an overly large "p_cnct_count" value.


An unauthenticated remote attacker could send a specially crafted request to a vulnerable server, possibly resulting in the execution of arbitrary code with the privileges of the user running Firebird.

3.  Resolution Information


There is no known workaround at this time.


All Firebird users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/firebird-2.0.1"

4.  References


Page updated July 01, 2007

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2015 Gentoo Foundation, Inc. Questions, Comments? Contact us.