Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 195569 (CVE-2007-4992)

Summary: dev-db/firebird < 2.0.3 Multiple buffer overflows (CVE-2007-{4992,5246})
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: wltjr
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.zerodayinitiative.com/advisories/ZDI-07-057.html
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2007-10-12 01:40:53 UTC
CVE-2007-5246 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5246):
  Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and
  2.0.1.12855, and WI 2.0.0.12748 and 2.0.1.12855, allow remote attackers to
  execute arbitrary code via (1) a long attach request on TCP port 3050 to the
  isc_attach_database function or (2) a long create request on TCP port 3050 to
  the isc_create_database function.

CVE-2007-4992 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4992):
  Stack-based buffer overflow in the process_packet function in fbserver.exe in
  Firebird SQL 2.0.2 allows remote attackers to execute arbitrary code via a
  long request to TCP port 3050.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-10-12 01:45:06 UTC
We handled stabilization of 2.0.3 in bug 190833 and decided not to issue a GLSA. Two new issues came up that might question this.
The first is confirmed for Linux, for the second I don't know.

William, can you advise here?
Comment 2 William L. Thomson Jr. (RETIRED) gentoo-dev 2007-10-12 13:55:29 UTC
If your asking about doing a GSLA or not. Hard call, but these look a bit more serious than the others. As for the one mentioning fbserver.exe, I would assume that would apply to linux as well. Obviously binary name would be different. But should have same functions, and use. So exploit should be possible regardless of OS for both. IMHO I will see if I can research this a bit to confirm 100%. If not you all can go off this.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2007-11-28 11:25:36 UTC
somehow this slipped through our grid.
request filed.
Comment 4 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-12-09 21:27:26 UTC
GLSA 200712-06