BID:25497

Firebird Multiple Vulnerabilities

Info

Firebird Multiple Vulnerabilities

Bugtraq ID:	25497
Class:	Unknown
CVE:	CVE-2007-4665 CVE-2007-4666 CVE-2007-4667 CVE-2007-4668 CVE-2007-4669 CVE-2007-4664
Remote:	Yes
Local:	No
Published:	Aug 30 2007 12:00AM
Updated:	Jul 05 2016 10:00PM
Credit:	The vendor disclosed these issues.
Vulnerable:	Firebird Firebird 2.0.1 Firebird Firebird 1.5.3 Firebird Firebird 1.5.2 Firebird Firebird 1.5.1 Firebird Firebird 1.5 Firebird Firebird 1.0.2 + FreeBSD FreeBSD 4.7 Firebird Firebird 1.0 Firebird Firebird 0.9 -3 Firebird Firebird 2.0 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0

Not Vulnerable:	Firebird Firebird 2.0.2

Discussion

Firebird Multiple Vulnerabilities

Firebird is prone to multiple vulnerabilities, including denial-of-service issues, an information-disclosure issue, and a buffer-overflow issue.

Attackers can exploit these issues to crash the application, exhaust system resources, and obtain potentially sensitive information.

Versions prior to Firebird 2.0.2 are vulnerable.

Exploit / POC

Firebird Multiple Vulnerabilities

Some of these issues may not require specific exploit code.

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Firebird Multiple Vulnerabilities

Solution:
The vendor released Firebird 2.0.2 to address these issues. Please see the references for more information.

Firebird Firebird 2.0