LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Interview: Kristen Carlson Accardi

LWN.net Weekly Edition for July 24, 2008

Tracing: no shortage of options

Interview: Wind River's John Bruggeman

LWN.net Weekly Edition for July 17, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

firebird: multiple vulnerabilities

Package(s):firebird CVE #(s):CVE-2008-0387 CVE-2008-0467
Created:March 3, 2008 Updated:March 27, 2008
Description: From the Gentoo advisory:

Firebird does not properly handle certain types of XDR requests, resulting in an integer overflow (CVE-2008-0387). Furthermore, it is vulnerable to a buffer overflow when processing usernames (CVE-2008-0467).

A remote attacker could send specially crafted XDR requests or an overly long username to the vulnerable server, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application.

Alerts:
Gentoo 200803-02 2008-03-02
Debian DSA-1529-1 2008-03-24
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.