Bug#441405: Several Firebird vulnerabilities discovered

Sun, 09 Sep 2007 07:19:23 -0700 

Package: firebird2.0
Severity: grave
Tags: security


Hi,

Several new vulnerabilities have been discovered and fixed in Firebird. The 
following are reported:

CVE-2007-3527: Integer overflow in Firebird 2.0.0 allows remote authenticated 
users to cause a denial of service (CPU consumption) via certain database 
operations with multi-byte character sets that trigger an attempt to use the 
value 65536 for a 16-bit integer, which is treated as 0 and causes an 
infinite loop on zero-length data.

CVE-2007-4664: Unspecified vulnerability in the (1) attach database and (2) 
create database functionality in Firebird before 2.0.2, when a filename 
exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405.

CVE-2007-4665: Unspecified vulnerability in the server in Firebird before 
2.0.2 allows remote attackers to cause a denial of service (daemon crash) via 
an XNET session that makes multiple simultaneous requests to register events, 
aka CORE-1403.

CVE-2007-4666: Unspecified vulnerability in the server in Firebird before 
2.0.2, when a Superserver/TCP/IP environment is configured, allows remote 
attackers to cause a denial of service (CPU and memory consumption) 
via "large network packets with garbage", aka CORE-1397. 

CVE-2007-4667: Unspecified vulnerability in the Services API in Firebird 
before 2.0.2 allows remote attackers to cause a denial of service, aka 
CORE-1149.

CVE-2007-4668: Unspecified vulnerability in the server in Firebird before 
2.0.2 allows remote attackers to determine the existence of arbitrary files, 
and possibly obtain other "file access," via unknown vectors, aka CORE-1312.

CVE-2007-4669: The Services API in Firebird before 2.0.2 allows remote 
authenticated users without SYSDBA privileges to read the server log 
(firebird.log), aka CORE-1148.

Please see:

http://security-tracker.debian.net/tracker/source-package/firebird2.0
http://security-tracker.debian.net/tracker/source-package/firebird2
http://security-tracker.debian.net/tracker/source-package/firebird1.5

and the links from there, for detailed information on these issues.

As I see it, these are all or mostly all fixed upstream. For unstable, you 
could therefore probably suffice with uploading this new upstream release. 
Please mention any CVE id's when fixing these issues. 

For sarge and etch, it needs to be verified which ones apply and how they can 
be fixed.



thanks
Thijs

Attachment: pgpsR1I12nNQN.pgp
Description: PGP signature

Reply via email to