| Name | CVE-2008-0387 |
| Description | Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-1529-1 |
| Debian Bugs | 460048 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| firebird2 | source | (unstable) | (unfixed) | |||
| firebird2.0 | source | lenny | 2.0.3.12981.ds1-1+lenny1 | |||
| firebird2.0 | source | (unstable) | 2.0.3.12981.ds1-4 | 460048 |
[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)