| Subject | Re: [firebird-support] Patch availability for release 1.5 |
|---|---|
| Author | Helen Borrie |
| Post date | 2008-07-22T11:13:16Z |
At 18:22 22/07/2008, you wrote:
./hb
>A security problem was fixed in Firebird-2.0.1. This specific problem isSolaris, no. Linux, Windows, MacOSX, yes (Firebird 1.5.5).
>described below.
>Question: Is there a patch that can be applied to Firebird-1.5 (on
>Solaris) for fixing this problem?
./hb
>Thanks.
>
>
>Description :
>
>The version of Firebird installed on the remote host is vulnerable to
>a buffer overflow in its protocol handling routine. By sending a
>specially-crafted 'op_connect' request, a remote, unauthenticated
>attacker can execute code on the affected host with SYSTEM privileges.