CVE-2008-0387

Vulnerability Description

Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://secunia.com/advisories/29203Third Party Advisory
• http://secunia.com/advisories/29501Third Party Advisory
• http://security.gentoo.org/glsa/glsa-200803-02.xmlThird Party Advisory
• http://securityreason.com/securityalert/3580Third Party Advisory
• http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800Third Party Advisory
• http://tracker.firebirdsql.org/browse/CORE-1681Vendor Advisory
• http://www.coresecurity.com/?action=item&id=2095Third Party Advisory
• http://www.debian.org/security/2008/dsa-1529Third Party Advisory
• http://www.securityfocus.com/archive/1/487173/100/0/threadedThird Party AdvisoryVDB Entry
• http://www.securityfocus.com/bid/27403Third Party AdvisoryVDB Entry
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39996Third Party AdvisoryVDB Entry
• http://secunia.com/advisories/29203Third Party Advisory
• http://secunia.com/advisories/29501Third Party Advisory
• http://security.gentoo.org/glsa/glsa-200803-02.xmlThird Party Advisory
• http://securityreason.com/securityalert/3580Third Party Advisory