| Name | Firebird.Database.XDR.Protocol.Memory.Corruption |
| Release Date | Jan 30, 2008 |
| Severity | High |
| Impact | System Compromise: remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attempt to exploit a memory corruption vulnerability in Firebird SQL.
There is a vulnerability in Firebird SQL that may allow remote attackers to trigger memory corruption. It can be exploited via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, or (6) op_start_send_and_receive XDR requests. |
| Affected Products | Firebird SQL 1.0.3 and before.
Firebird SQL 1.5.5 and before.
Firebird SQL 2.0.3 and before.
Firebird SQL 2.1.0 Beta 2 and before. |
| Recommended Actions | Upgrade to the latest version.
Firebird SQL 1.5.6 (to be released)
Firebird SQL 2.0.4 (to be released)
Firebird SQL 2.1.0 RC1 |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0387
|
| Reference/s | http://www.securityfocus.com/bid/27403 (BugTraq)
http://www.coresecurity.com/?action=item&id=2095
|