CVE-2008-0387

NameCVE-2008-0387
DescriptionInteger overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1529-1
NVD severityhigh (attack range: remote)
Debian Bugs460048

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
firebird2source(unstable)(unfixed)high
firebird2.0source(unstable)2.0.3.12981.ds1-4high460048
firebird2.0sourcelenny2.0.3.12981.ds1-1+lenny1high

Notes

[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)

Search for package or bug name: Reporting problems