Subject Re: [firebird-support] Patch availability for release 1.5
Author Helen Borrie
At 18:22 22/07/2008, you wrote:
>A security problem was fixed in Firebird-2.0.1. This specific problem is
>described below.
>Question: Is there a patch that can be applied to Firebird-1.5 (on
>Solaris) for fixing this problem?

Solaris, no. Linux, Windows, MacOSX, yes (Firebird 1.5.5).


>Description :
>The version of Firebird installed on the remote host is vulnerable to
>a buffer overflow in its protocol handling routine. By sending a
>specially-crafted 'op_connect' request, a remote, unauthenticated
>attacker can execute code on the affected host with SYSTEM privileges.