CERTA-2004-AVI-181

Vulnerability from certfr_avis

A malicious user can, by means of a carefully crafted connection attempt, cause a denial of service of the server function.

Description

Firebird is an open-source version derived from a version of Interbase made available by Borland.

A memory overflow in the handling of database names can cause the server to stop unexpectedly.

Temporary workaround

Restrict access to the database server to trusted sites.

Solution

Update to version 1.5:

http://firebird.sourceforge.net/

Firebird database 1.0.2.

Impacted products
Vendor Product Description
References
Secunia security advisory None vendor-advisory


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eBase de donn\u00e9es Firebird 1.0.2.\u003c/P\u003e",
  "content": "## Description\n\nFirebird est une version en source ouverte d\u00e9riv\u00e9e d\u0027une version\nd\u0027Interbase mise \u00e0 disposition par Borland.\n\nUn d\u00e9bordement de m\u00e9moire dans la gestion du nom des bases de donn\u00e9es\npeut provoquer un arr\u00eat inopin\u00e9 du serveur.\n\n## Contournement provisoire\n\nRestreindre l\u0027acc\u00e8s au serveur de la base de donn\u00e9es \u00e0 des sites de\nconfiance.\n\n## Solution\n\nMettre \u00e0 jour en version 1.5 :\n\n    http://firebird.sourceforge.net/\n",
  "cves": [],
  "links": [],
  "reference": "CERTA-2004-AVI-181",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-06-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Un utilisateur mal intentionn\u00e9 peut, par une tentative de connexion\nhabilement construite, provoquer un d\u00e9ni de service de la fonction\nserveur.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de la base de donn\u00e9es Firebird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Secunia",
      "url": "http://secunia.com/advisories/11756"
    }
  ]
}

