Vulnerability Description
Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Borland Software | Interbase | 4.0 |
| Borland Software | Interbase Superserver | 6.0 |
| Firebirdsql | Firebird | 1.0 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0027.html
- http://marc.info/?l=bugtraq&m=108611386202493&w=2
- http://secunia.com/advisories/11756PatchVendor Advisory
- http://secunia.com/advisories/19350
- http://securitytracker.com/id?1010381
- http://www.debian.org/security/2006/dsa-1014
- http://www.osvdb.org/6408Vendor Advisory
- http://www.osvdb.org/6624
- http://www.securiteam.com/unixfocus/5AP0P0UCUO.htmlExploitVendor Advisory
- http://www.securityfocus.com/bid/10446ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16229
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16316
- http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0027.html
- http://marc.info/?l=bugtraq&m=108611386202493&w=2
- http://secunia.com/advisories/11756PatchVendor Advisory
FAQ
What is CVE-2004-2043?
CVE-2004-2043 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (...
How severe is CVE-2004-2043?
CVE-2004-2043 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2043?
Check the references section above for vendor advisories and patch information. Affected products include: Borland Software Interbase, Borland Software Interbase Superserver, Firebirdsql Firebird.