Multiple stack-based buffer overflows in Firebird LI 220.127.116.1148 and
18.104.22.16855, and WI 22.214.171.12448 and 126.96.36.19955, allow remote attackers to
execute arbitrary code via (1) a long attach request on TCP port 3050 to the
isc_attach_database function or (2) a long create request on TCP port 3050 to
the isc_create_database function.
Stack-based buffer overflow in the process_packet function in fbserver.exe in
Firebird SQL 2.0.2 allows remote attackers to execute arbitrary code via a
long request to TCP port 3050.
We handled stabilization of 2.0.3 in bug 190833 and decided not to issue a GLSA. Two new issues came up that might question this.
The first is confirmed for Linux, for the second I don't know.
William, can you advise here?
If your asking about doing a GSLA or not. Hard call, but these look a bit more serious than the others. As for the one mentioning fbserver.exe, I would assume that would apply to linux as well. Obviously binary name would be different. But should have same functions, and use. So exploit should be possible regardless of OS for both. IMHO I will see if I can research this a bit to confirm 100%. If not you all can go off this.
somehow this slipped through our grid.