[pkg-firebird-general] Bug#432753: CVE-2006-7211 to 7214 : unfixed in firebird1.5
Stefan Fritsch
sf at sfritsch.de
Wed Jul 11 19:13:05 UTC 2007
Package: firebird1.5
Severity: normal
Tags: security
These issues are reported to be fixed in 2.0, but I can't find any references in
the changelogs that they are fixed in 1.5:
CVE-2006-7214
Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to
(1) cause a denial of service (application crash) by sending many remote
protocol versions; and (2) cause a denial of service (connection drop) via
certain network traffic, as demonstrated by Nessus vulnerability scanning.
CVE-2006-7213
Firebird 1.5 allows remote authenticated users without SYSDBA and owner
permissions to overwrite a database by creating a database.
CVE-2006-7212
Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have
unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240.
CVE-2006-7211
fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore
array, which allows local users to cause a denial of service (blocked query
processing) by locking semaphores.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7211
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7212
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7213
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7214
More information about the pkg-firebird-general
mailing list