ID CVE-2007-3527
Summary Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, which is treated as 0 and causes an infinite loop on zero-length data.
References
Vulnerable Configurations
  • Firebird Firebird 2.0.0
    cpe:2.3:a:firebirdsql:firebird:2.0.0
CVSS
Base: 6.8 (as of 04-07-2007 - 16:13)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-1529.NASL
description Multiple security problems have been discovered in the Firebird database, which may lead to the execution of arbitrary code or denial of service. This Debian security advisory is a bit unusual. While it\'s normally our strict policy to backport security bugfixes to older releases, this turned out to be infeasible for Firebird 1.5 due to large infrastructural changes necessary to fix these issues. As a consequence security support for Firebird 1.5 is hereby discontinued.
last seen 2019-02-21
modified 2016-12-06
plugin id 38955
published 2008-03-28
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=38955
title Debian DSA-1529-1 : firebird -- multiple vulnerabilities
refmap via4
bid 28473
confirm
debian DSA-1529
osvdb 43782
secunia 29501
Last major update 30-10-2012 - 22:39
Published 03-07-2007 - 14:30
Back to Top