Vulnerability Description
Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Firebirdsql | Firebird | 2.1 |
References
- http://osvdb.org/37308
- http://osvdb.org/37309
- http://secunia.com/advisories/29501
- http://securityreason.com/securityalert/2708
- http://www.debian.org/security/2008/dsa-1529
- http://www.securityfocus.com/archive/1/468070/100/0/threaded
- http://www.securityfocus.com/bid/28478
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34201
- http://osvdb.org/37308
- http://osvdb.org/37309
- http://secunia.com/advisories/29501
- http://securityreason.com/securityalert/2708
- http://www.debian.org/security/2008/dsa-1529
- http://www.securityfocus.com/archive/1/468070/100/0/threaded
- http://www.securityfocus.com/bid/28478
FAQ
What is CVE-2007-2606?
CVE-2007-2606 is a vulnerability with a CVSS score of 7.8 (HIGH). Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\c...
How severe is CVE-2007-2606?
CVE-2007-2606 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2606?
Check the references section above for vendor advisories and patch information. Affected products include: Firebirdsql Firebird.