ID CVE-2008-0387
Summary Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
References
Vulnerable Configurations
  • cpe:2.3:a:firebirdsql:firebird:-:*:*:*:*:*:*:*
    cpe:2.3:a:firebirdsql:firebird:-:*:*:*:*:*:*:*
  • cpe:2.3:a:firebirdsql:firebird:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:firebirdsql:firebird:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:firebirdsql:firebird:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:firebirdsql:firebird:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:firebirdsql:firebird:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:firebirdsql:firebird:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:firebirdsql:firebird:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:firebirdsql:firebird:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:firebirdsql:firebird:1.5.0.4306:*:*:*:*:*:*:*
    cpe:2.3:a:firebirdsql:firebird:1.5.0.4306:*:*:*:*:*:*:*
  • cpe:2.3:a:firebirdsql:firebird:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:firebirdsql:firebird:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:firebirdsql:firebird:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:firebirdsql:firebird:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:firebirdsql:firebird:1.5.2.4731:*:*:*:*:*:*:*
    cpe:2.3:a:firebirdsql:firebird:1.5.2.4731:*:*:*:*:*:*:*
  • cpe:2.3:a:firebirdsql:firebird:1.5.3.4870:*:*:*:*:*:*:*
    cpe:2.3:a:firebirdsql:firebird:1.5.3.4870:*:*:*:*:*:*:*
  • cpe:2.3:a:firebirdsql:firebird:1.5.4.4910:*:*:*:*:*:*:*
    cpe:2.3:a:firebirdsql:firebird:1.5.4.4910:*:*:*:*:*:*:*
  • cpe:2.3:a:firebirdsql:firebird:1.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:firebirdsql:firebird:1.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:firebirdsql:firebird:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:firebirdsql:firebird:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:firebirdsql:firebird:2.0.0.12748:*:*:*:*:*:*:*
    cpe:2.3:a:firebirdsql:firebird:2.0.0.12748:*:*:*:*:*:*:*
  • cpe:2.3:a:firebirdsql:firebird:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:firebirdsql:firebird:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:firebirdsql:firebird:2.0.1.12855:*:*:*:*:*:*:*
    cpe:2.3:a:firebirdsql:firebird:2.0.1.12855:*:*:*:*:*:*:*
  • cpe:2.3:a:firebirdsql:firebird:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:firebirdsql:firebird:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:firebirdsql:firebird:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:firebirdsql:firebird:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:firebirdsql:firebird:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:firebirdsql:firebird:2.1.0:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 26-10-2018 - 14:19)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
refmap via4
bid 27403
bugtraq 20080128 CORE-2007-1219: Firebird Remote Memory Corruption
confirm
debian DSA-1529
gentoo GLSA-200803-02
misc http://www.coresecurity.com/?action=item&id=2095
secunia
  • 29203
  • 29501
sreason 3580
xf firebird-xdrprotocol-integer-overflow(39996)
Last major update 26-10-2018 - 14:19
Published 29-01-2008 - 02:00
Last modified 26-10-2018 - 14:19
Back to Top