Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-0387

Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.

Published

2008-01-29T02:00:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

6.9

Weaknesses

Type: Primary
CWE-189

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	firebirdsql	firebird	≤ 1.0.3	Yes
Application	firebirdsql	firebird	< 1.5.6	Yes
Application	firebirdsql	firebird	< 2.0.4	Yes
Application	firebirdsql	firebird	2.1.0	Yes

References

http://secunia.com/advisories/29203 Third Party Advisory ([email protected])
http://secunia.com/advisories/29501 Third Party Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200803-02.xml Third Party Advisory ([email protected])
http://securityreason.com/securityalert/3580 Third Party Advisory ([email protected])
http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800 Third Party Advisory ([email protected])
http://tracker.firebirdsql.org/browse/CORE-1681 Vendor Advisory ([email protected])
http://www.coresecurity.com/?action=item&id=2095 Third Party Advisory ([email protected])
http://www.debian.org/security/2008/dsa-1529 Third Party Advisory ([email protected])
http://www.securityfocus.com/archive/1/487173/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/27403 Third Party Advisory, VDB Entry ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/39996 Third Party Advisory, VDB Entry ([email protected])
http://secunia.com/advisories/29203 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29501 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200803-02.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/3580 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://tracker.firebirdsql.org/browse/CORE-1681 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.coresecurity.com/?action=item&id=2095 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1529 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/487173/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/27403 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39996 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)