Firebird username buffer overflow

Added: 02/11/2008
CVE: CVE-2008-0467
BID: 27467
OSVDB: 40924

Background

Firebird is a freely available relational database which is available for multiple platforms.

Problem

A buffer overflow vulnerability in Firebird allows remote, unauthenticated attackers to execute arbitrary commands by sending a long, specially crafted username.

Resolution

Upgrade to Firebird 2.1 RC1 or higher.

References

http://secunia.com/advisories/28596

Limitations

Exploit works on Firebird 2.0.3.

Platforms

Windows 2000
Windows Server 2003

Back to exploit index