ID CVE-2007-2606
Summary Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE.
References
Vulnerable Configurations
  • Firebird Firebird 2.1
    cpe:2.3:a:firebirdsql:firebird:2.1
CVSS
Base: 7.8 (as of 11-05-2007 - 16:22)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-1529.NASL
description Multiple security problems have been discovered in the Firebird database, which may lead to the execution of arbitrary code or denial of service. This Debian security advisory is a bit unusual. While it\'s normally our strict policy to backport security bugfixes to older releases, this turned out to be infeasible for Firebird 1.5 due to large infrastructural changes necessary to fix these issues. As a consequence security support for Firebird 1.5 is hereby discontinued.
last seen 2019-02-21
modified 2016-12-06
plugin id 38955
published 2008-03-28
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=38955
title Debian DSA-1529-1 : firebird -- multiple vulnerabilities
refmap via4
bid 28478
bugtraq 20070509 Multiple vulnerabilities
debian DSA-1529
osvdb
  • 37308
  • 37309
secunia 29501
sreason 2708
xf firebird-configfile-checkmsgs-bo(34201)
Last major update 30-10-2012 - 22:35
Published 11-05-2007 - 06:19
Last modified 16-10-2018 - 12:44
Back to Top