calculate
/
gentoo-overlay
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'update'
${ noResults }
gentoo-overlay/metadata/glsa/glsa-200712-06.xml

66 lines
2.1 KiB
Raw Permalink Blame History

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200712-06">
<title>Firebird: Multiple buffer overflows</title>
<synopsis>
Multiple stack-based buffer overflows were discovered in Firebird.
</synopsis>
<product type="ebuild">firebird</product>
<announced>2007-12-09</announced>
<revised count="01">2007-12-09</revised>
<bug>195569</bug>
<access>remote</access>
<affected>
<package name="dev-db/firebird" auto="yes" arch="*">
<unaffected range="ge">2.0.3.12981.0-r2</unaffected>
<vulnerable range="lt">2.0.3.12981.0-r2</vulnerable>
</package>
</affected>
<background>
<p>
Firebird is a multi-platfrom, open source relational database.
</p>
</background>
<description>
<p>
Adriano Lima and Ramon de Carvalho Valle reported that functions
isc_attach_database() and isc_create_database() do not perform proper
boundary checking when processing their input.
</p>
</description>
<impact type="normal">
<p>
A remote attacker could send specially crafted requests to the Firebird
server on TCP port 3050, possibly resulting in the execution of
arbitrary code with the privileges of the user running Firebird
(usually firebird).
</p>
</impact>
<workaround>
<p>
There is no known workaround at this time.
</p>
</workaround>
<resolution>
<p>
All Firebird users should upgrade to the latest version:
</p>
<code>
# emerge --sync
# emerge --ask --oneshot --verbose "&gt;=dev-db/firebird-2.0.3.12981.0-r2"</code>
</resolution>
<references>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4992">CVE-2007-4992</uri>
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5246">CVE-2007-5246</uri>
</references>
<metadata tag="requester" timestamp="2007-11-28T11:24:49Z">
rbu
</metadata>
<metadata tag="bugReady" timestamp="2007-11-29T00:06:33Z">
rbu
</metadata>
<metadata tag="submitter" timestamp="2007-12-08T23:26:04Z">
p-y
</metadata>
</glsa>
Reference in new issue View Git Blame Copy Permalink