Subject | Patch availability for release 1.5 |
---|---|
Author | Menashe Sulkies |
Post date | 2008-07-22T08:22:33Z |
A security problem was fixed in Firebird-2.0.1. This specific problem is
described below.
Question: Is there a patch that can be applied to Firebird-1.5 (on
Solaris) for fixing this problem?
Thanks.
Description :
The version of Firebird installed on the remote host is vulnerable to
a buffer overflow in its protocol handling routine. By sending a
specially-crafted 'op_connect' request, a remote, unauthenticated
attacker can execute code on the affected host with SYSTEM privileges.
See also :
http://dvlabs.tippingpoint.com/advisory/TPTI-07-11
http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf
[Non-text portions of this message have been removed]
described below.
Question: Is there a patch that can be applied to Firebird-1.5 (on
Solaris) for fixing this problem?
Thanks.
Description :
The version of Firebird installed on the remote host is vulnerable to
a buffer overflow in its protocol handling routine. By sending a
specially-crafted 'op_connect' request, a remote, unauthenticated
attacker can execute code on the affected host with SYSTEM privileges.
See also :
http://dvlabs.tippingpoint.com/advisory/TPTI-07-11
http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf
[Non-text portions of this message have been removed]