ID CVE-2004-2043
Summary Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.
References
Vulnerable Configurations
  • cpe:2.3:a:borland_software:interbase:4.0
    cpe:2.3:a:borland_software:interbase:4.0
  • cpe:2.3:a:borland_software:interbase:5.0
    cpe:2.3:a:borland_software:interbase:5.0
  • cpe:2.3:a:borland_software:interbase:6.0
    cpe:2.3:a:borland_software:interbase:6.0
  • cpe:2.3:a:borland_software:interbase:6.4
    cpe:2.3:a:borland_software:interbase:6.4
  • cpe:2.3:a:borland_software:interbase:6.5
    cpe:2.3:a:borland_software:interbase:6.5
  • cpe:2.3:a:borland_software:interbase:7.0
    cpe:2.3:a:borland_software:interbase:7.0
  • cpe:2.3:a:borland_software:interbase:7.1
    cpe:2.3:a:borland_software:interbase:7.1
  • cpe:2.3:a:borland_software:interbase_superserver:6.0
    cpe:2.3:a:borland_software:interbase_superserver:6.0
  • Firebird Firebird 1.0
    cpe:2.3:a:firebirdsql:firebird:1.0
CVSS
Base: 5.0 (as of 25-05-2005 - 15:41)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
  • description Firebird 1.0 Remote Pre-Authentication Database Name Buffer Overrun Vulnerability. CVE-2004-2043. Remote exploit for linux platform
    id EDB-ID:24165
    last seen 2016-02-02
    modified 2004-06-01
    published 2004-06-01
    reporter wsxz
    source https://www.exploit-db.com/download/24165/
    title Firebird 1.0 - Remote Pre-Authentication Database Name Buffer Overrun Vulnerability
  • description Borland Interbase <= 7.x Remote Exploit. CVE-2004-2043. Remote exploit for linux platform
    id EDB-ID:303
    last seen 2016-01-31
    modified 2004-06-25
    published 2004-06-25
    reporter Aviram Jenik
    source https://www.exploit-db.com/download/303/
    title Borland Interbase <= 7.x - Remote Exploit
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1014.NASL
    description Aviram Jenik and Damyan Ivanov discovered a buffer overflow in firebird2, an RDBMS based on InterBase 6.0 code, that allows remote attackers to crash.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22556
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22556
    title Debian DSA-1014-1 : firebird2 - buffer overflow
  • NASL family Databases
    NASL id FIREBIRD_BO.NASL
    description The remote host is running Firebird database. The remote version of this service is vulnerable to a remote stack-based overflow. An attacker, exploiting this hole, would be given full access to the target machine. Versions of Firebird database less than 1.5.0 are reportedly vulnerable to this overflow.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 12246
    published 2004-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12246
    title Firebird DB Remote Database Name Overflow
refmap via4
bid 10446
bugtraq 20040601 Firebird Database Remote Database Name Overflow
debian DSA-1014
fulldisc 20040602 Firebird [ AND Interbase 7 ] Database Remote Database Name Overflow
misc http://www.securiteam.com/unixfocus/5AP0P0UCUO.html
osvdb
  • 6408
  • 6624
sectrack 1010381
secunia
  • 11756
  • 19350
xf
  • firebird-database-name-bo(16229)
  • interbase-database-name-bo(16316)
Last major update 17-10-2016 - 23:05
Published 01-05-2004 - 00:00
Last modified 10-07-2017 - 21:31
Back to Top