CERTA-2004-AVI-181
Vulnerability from certfr_avis

Un utilisateur mal intentionné peut, par une tentative de connexion habilement construite, provoquer un déni de service de la fonction serveur.

Description

Firebird est une version en source ouverte dérivée d'une version d'Interbase mise à disposition par Borland.

Un débordement de mémoire dans la gestion du nom des bases de données peut provoquer un arrêt inopiné du serveur.

Contournement provisoire

Restreindre l'accès au serveur de la base de données à des sites de confiance.

Solution

Mettre à jour en version 1.5 :

http://firebird.sourceforge.net/

Base de données Firebird 1.0.2.

Impacted products
Vendor Product Description
References
Avis de sécurité Secunia None vendor-advisory

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eBase de donn\u00e9es Firebird 1.0.2.\u003c/P\u003e",
  "content": "## Description\n\nFirebird est une version en source ouverte d\u00e9riv\u00e9e d\u0027une version\nd\u0027Interbase mise \u00e0 disposition par Borland.\n\nUn d\u00e9bordement de m\u00e9moire dans la gestion du nom des bases de donn\u00e9es\npeut provoquer un arr\u00eat inopin\u00e9 du serveur.\n\n## Contournement provisoire\n\nRestreindre l\u0027acc\u00e8s au serveur de la base de donn\u00e9es \u00e0 des sites de\nconfiance.\n\n## Solution\n\nMettre \u00e0 jour en version 1.5 :\n\n    http://firebird.sourceforge.net/\n",
  "cves": [],
  "initial_release_date": "2004-06-04T00:00:00",
  "last_revision_date": "2004-06-04T00:00:00",
  "links": [],
  "reference": "CERTA-2004-AVI-181",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-06-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Un utilisateur mal intentionn\u00e9 peut, par une tentative de connexion\nhabilement construite, provoquer un d\u00e9ni de service de la fonction\nserveur.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de la base de donn\u00e9es Firebird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Secunia",
      "url": "http://secunia.com/advisories/11756"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.