Description
Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll."
Affected products
- bakbone / netvault6.x – 6.x
- FirebirdSQL / firebird2.0.0
References
- MISChttp://www.securityfocus.com/bid/24436
- MISChttp://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf
- MISChttp://osvdb.org/37231
- VENDOR_ADVISORYhttp://secunia.com/advisories/25601
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/34833
- MISChttp://dvlabs.tippingpoint.com/advisory/TPTI-07-11
- MISChttp://security.gentoo.org/glsa/glsa-200707-01.xml
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/2149
- VENDOR_ADVISORYhttp://secunia.com/advisories/29501
- VENDOR_ADVISORYhttp://secunia.com/advisories/25872
- VENDOR_ADVISORYhttp://www.debian.org/security/2008/dsa-1529