--- In firebird-support@yahoogroups.com, Philippe Makowski <makowski@...> wrote:
>
> 2010/5/12 data.inspector <data.inspector@...>
> > My customer did some checking of their firewall and gave me the following message.
> >
> > "Name: Borland Interbase Database Message Handling Buffer Overflow
> > ID: 31633
> >
> > Description: There exists a buffer overflow vulnerability in Borland Interbase Server. The vulnerability is due to lack of boundary protection while processing Connect requests (Opcode 0x01). A remote unauthenticated attacker can send a crafted request to the target host to exploit this vulnerability. Successful attack could allow for arbitrary code beong injected and executed with the privileges of the affected service, which is normally System on Windows platforms.
> >
> > Severity: CRITICAL
> >
> > Bugtraq ID: 29302
> >
> > Reference: http://securia.com/advisories/30299/
> > http://www.coresecurity.com/?action=item&id=2278"
> >
> > Is there a patch for this?
> >
>
> Yes see here :
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0467
> that lead to :
> http://tracker.firebirdsql.org/browse/CORE-1603
> so Firebird 1.5.6, 2.0.4 and up, 2.1 and up etc
> don't have this issue
>