Subject Patch availability for release 1.5
Author Menashe Sulkies
A security problem was fixed in Firebird-2.0.1. This specific problem is
described below.
Question: Is there a patch that can be applied to Firebird-1.5 (on
Solaris) for fixing this problem?
Thanks.


Description :

The version of Firebird installed on the remote host is vulnerable to
a buffer overflow in its protocol handling routine. By sending a
specially-crafted 'op_connect' request, a remote, unauthenticated
attacker can execute code on the affected host with SYSTEM privileges.

See also :

http://dvlabs.tippingpoint.com/advisory/TPTI-07-11
http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf




[Non-text portions of this message have been removed]