[pkg-firebird-general] Bug#446472: CVE-2007-5246 stack-based buffer overflow
Nico Golde
nion at debian.org
Sat Oct 13 10:44:41 UTC 2007
Package: firebird1.5
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for firebird1.5.
CVE-2007-5246[0]:
| Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and
| 2.0.1.12855, and WI 2.0.0.12748 and 2.0.1.12855, allow remote
| attackers to execute arbitrary code via (1) a long attach request on
| TCP port 3050 to the isc_attach_database function or (2) a long create
| request on TCP port 3050 to the isc_create_database function.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
This bug is fixed in the 2.0 version of firebird.
You can find a patch on:
http://firebird.cvs.sourceforge.net/firebird/firebird2/src/jrd/why.cpp?r1=1.100.4.2&r2=1.100.4.3
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5246
Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
More information about the pkg-firebird-general
mailing list