ID CVE-2003-0281
Summary Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop.
References
Vulnerable Configurations
  • Firebird Firebird 1.0.2
    cpe:2.3:a:firebirdsql:firebird:1.0.2
CVSS
Base: 4.6 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
  • description Interbase 6.0 GDS_Drop Interbase Environment Variable Buffer Overflow (1). CVE-2002-2087,CVE-2003-0281. Local exploit for unix platform
    id EDB-ID:21565
    last seen 2016-02-02
    modified 2002-06-15
    published 2002-06-15
    reporter stripey
    source https://www.exploit-db.com/download/21565/
    title Interbase 6.0 GDS_Drop Interbase Environment Variable Buffer Overflow 1
  • description Firebird 1.0.2 FreeBSD 4.7-RELEASE Local Root Exploit. CVE-2002-2087,CVE-2003-0281. Local exploit for bsd platform
    id EDB-ID:29
    last seen 2016-01-31
    modified 2003-05-12
    published 2003-05-12
    reporter bob
    source https://www.exploit-db.com/download/29/
    title Firebird 1.0.2 FreeBSD 4.7-RELEASE - Local Root Exploit
  • description Interbase 6.0 GDS_Drop Interbase Environment Variable Buffer Overflow (2). CVE-2002-2087,CVE-2003-0281. Local exploit for unix platform
    id EDB-ID:21566
    last seen 2016-02-02
    modified 2002-06-18
    published 2002-06-18
    reporter bob
    source https://www.exploit-db.com/download/21566/
    title Interbase 6.0 GDS_Drop Interbase Environment Variable Buffer Overflow 2
nessus via4
NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-200405-18.NASL
description The remote host is affected by the vulnerability described in GLSA-200405-18 (Buffer Overflow in Firebird) A buffer overflow exists in three Firebird binaries (gds_inet_server, gds_lock_mgr, and gds_drop) that is exploitable by setting a large value to the INTERBASE environment variable. Impact : An attacker could control program execution, allowing privilege escalation to the UID of Firebird, full access to Firebird databases, and trojaning the Firebird binaries. An attacker could use this to compromise other user or root accounts. Workaround : There is no known workaround.
last seen 2019-02-21
modified 2018-12-18
plugin id 14504
published 2004-08-30
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=14504
title GLSA-200405-18 : Buffer Overflow in Firebird
refmap via4
bid 7546
bugtraq
  • 20020617 Interbase 6.0 malloc() issues
  • 20030509 Firebird Local exploit
gentoo GLSA-200405-18
secunia 8758
xf firebird-interbase-bo(11977)
Last major update 17-10-2016 - 22:31
Published 16-06-2003 - 00:00
Last modified 10-07-2017 - 21:29
Back to Top