| Subject | Re: [firebird-support] Re: Firebird 1.5 Log in error |
|---|---|
| Author | Philippe Makowski |
| Post date | 2010-05-12T21:10:44Z |
2010/5/12 data.inspector <data.inspector@...>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0467
that lead to :
http://tracker.firebirdsql.org/browse/CORE-1603
so Firebird 1.5.6, 2.0.4 and up, 2.1 and up etc
don't have this issue
> My customer did some checking of their firewall and gave me the following message.Yes see here :
>
> "Name: Borland Interbase Database Message Handling Buffer Overflow
> ID: 31633
>
> Description: There exists a buffer overflow vulnerability in Borland Interbase Server. The vulnerability is due to lack of boundary protection while processing Connect requests (Opcode 0x01). A remote unauthenticated attacker can send a crafted request to the target host to exploit this vulnerability. Successful attack could allow for arbitrary code beong injected and executed with the privileges of the affected service, which is normally System on Windows platforms.
>
> Severity: CRITICAL
>
> Bugtraq ID: 29302
>
> Reference: http://securia.com/advisories/30299/
> http://www.coresecurity.com/?action=item&id=2278"
>
> Is there a patch for this?
>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0467
that lead to :
http://tracker.firebirdsql.org/browse/CORE-1603
so Firebird 1.5.6, 2.0.4 and up, 2.1 and up etc
don't have this issue