[pkg-firebird-general] Bug#446475: CVE-2007-5245 multiple buffer overflows

Nico Golde nion at debian.org
Sat Oct 13 11:05:27 UTC 2007


Package: firebird1.5
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for firebird1.5.

CVE-2007-5245[0]:
| Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and
| 1.5.4.4910, and WI 1.5.3.4870 and 1.5.4.4910, allow remote attackers
| to execute arbitrary code via (1) a long service attach request on TCP
| port 3050 to the SVC_attach function or (2) unspecified vectors
| involving the INET_connect function.

If you fix this vulnerability, please also include the CVE id
in your changelog entry.

This is fixed in the 2.0 package in unstable.
As far as I can see, the fixes for these issues are:
http://firebird.cvs.sourceforge.net/firebird/firebird2/src/remote/inet.cpp?r1=1.122&r2=1.123
and
http://firebird.cvs.sourceforge.net/firebird/firebird2/src/jrd/svc.cpp?r1=1.97&r2=1.98

but please check back with upstream, I might have missed something.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5245

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.




