Bug 195569 (CVE-2007-4992) - dev-db/firebird < 2.0.3 Multiple buffer overflows (CVE-2007-{4992,5246})
Status: RESOLVED FIXED
Alias: CVE-2007-4992
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.zerodayinitiative.com/advi...
Whiteboard: B2 [glsa]
Reported: 2007-10-12 01:40 UTC by Robert Buchholz (RETIRED)
Modified: 2007-12-09 21:27 UTC
Description Robert Buchholz (RETIRED) gentoo-dev 2007-10-12 01:40:53 UTC
CVE-2007-5246 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5246):
  Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and
  2.0.1.12855, and WI 2.0.0.12748 and 2.0.1.12855, allow remote attackers to
  execute arbitrary code via (1) a long attach request on TCP port 3050 to the
  isc_attach_database function or (2) a long create request on TCP port 3050 to
  the isc_create_database function.

CVE-2007-4992 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4992):
  Stack-based buffer overflow in the process_packet function in fbserver.exe in
  Firebird SQL 2.0.2 allows remote attackers to execute arbitrary code via a
  long request to TCP port 3050.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-10-12 01:45:06 UTC
We handled stabilization of 2.0.3 in bug 190833 and decided not to issue a GLSA. Two new issues came up that might question this.
The first is confirmed for Linux; for the second I don't know.

William, can you advise here?
Comment 2 William L. Thomson Jr. (RETIRED) gentoo-dev 2007-10-12 13:55:29 UTC
If you're asking about doing a GLSA or not. Hard call, but these look a bit more serious than the others. As for the one mentioning fbserver.exe, I would assume that would apply to Linux as well. Obviously the binary name would be different. But it should have the same functions and use. So exploit should be possible regardless of OS for both, IMHO. I will see if I can research this a bit to confirm 100%. If not, you all can go off this.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2007-11-28 11:25:36 UTC
Somehow this slipped through our grid.
Request filed.
Comment 4 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-12-09 21:27:26 UTC
GLSA 200712-06