[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <40B54C5F.6050606@secnetops.com>
Date: Wed, 26 May 2004 22:03:11 -0400
From: "KF (lists)" <kf_lists@...netops.com>
To: bugtraq@...urityfocus.com
Subject: Re: [ GLSA 200405-18 ] Buffer Overflow in Firebird
Actually its more like 2 years old...
http://www.securiteam.com/unixfocus/5CP0S0U7FG.html
http://seclists.org/lists/bugtraq/2002/Jun/0212.html
I found that AGES ago. Hell I even sat on it 6 months while attempting
to get Borland to wake up (with out success).
Better late than never I guess.
-KF
b0f www.b0f.net wrote:
>In-Reply-To: <40B0954A.6020103@...too.org>
>
>This bug is over 1 year old take a look here
>http://www.securityfocus.com/archive/1/321087/2003-05-08/2003-05-14/0
>
>Also includes exploit.
>
>-b0f
>
>Hi bob
>
>
>
>>Received: (qmail 26887 invoked from network); 24 May 2004 15:08:38 -0000
>>Received: from outgoing.securityfocus.com (HELO outgoing2.securityfocus.com) (205.206.231.26)
>> by mail.securityfocus.com with SMTP; 24 May 2004 15:08:38 -0000
>>Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
>> by outgoing2.securityfocus.com (Postfix) with QMQP
>> id DEBEC14370F; Mon, 24 May 2004 17:07:45 -0600 (MDT)
>>Mailing-List: contact bugtraq-help@...urityfocus.com; run by ezmlm
>>Precedence: bulk
>>List-Id: <bugtraq.list-id.securityfocus.com>
>>List-Post: <mailto:bugtraq@...urityfocus.com>
>>List-Help: <mailto:bugtraq-help@...urityfocus.com>
>>List-Unsubscribe: <mailto:bugtraq-unsubscribe@...urityfocus.com>
>>List-Subscribe: <mailto:bugtraq-subscribe@...urityfocus.com>
>>Delivered-To: mailing list bugtraq@...urityfocus.com
>>Delivered-To: moderator for bugtraq@...urityfocus.com
>>Received: (qmail 27595 invoked from network); 23 May 2004 05:57:21 -0000
>>Message-ID: <40B0954A.6020103@...too.org>
>>Date: Sun, 23 May 2004 14:12:58 +0200
>>From: Thierry Carrez <koon@...too.org>
>>Organization: Gentoo Linux
>>User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040327
>>X-Accept-Language: en-us, en
>>MIME-Version: 1.0
>>To: gentoo-announce@...ts.gentoo.org
>>Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com,
>> security-alerts@...uxsecurity.com
>>Subject: [ GLSA 200405-18 ] Buffer Overflow in Firebird
>>X-Enigmail-Version: 0.83.3.0
>>X-Enigmail-Supports: pgp-inline, pgp-mime
>>Content-Type: text/plain; charset=us-ascii
>>Content-Transfer-Encoding: 7bit
>>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>Gentoo Linux Security Advisory GLSA 200405-18
>>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>> http://security.gentoo.org/
>>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>
>> Severity: High
>> Title: Buffer Overflow in Firebird
>> Date: May 23, 2004
>> Bugs: #20837
>> ID: 200405-18
>>
>>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>
>>Synopsis
>>========
>>
>>A buffer overflow via environmental variables in Firebird may allow a
>>local user to manipulate or destroy local databases and trojan the
>>Firebird binaries.
>>
>>Background
>>==========
>>
>>Firebird is an open source relational database that runs on Linux,
>>Windows, and various UNIX systems.
>>
>>Affected packages
>>=================
>>
>> -------------------------------------------------------------------
>> Package / Vulnerable / Unaffected
>> -------------------------------------------------------------------
>> 1 dev-db/firebird < 1.5 >= 1.5
>>
>>Description
>>===========
>>
>>A buffer overflow exists in three Firebird binaries (gds_inet_server,
>>gds_lock_mgr, and gds_drop) that is exploitable by setting a large
>>value to the INTERBASE environment variable.
>>
>>Impact
>>======
>>
>>An attacker could control program execution, allowing privilege
>>escalation to the UID of Firebird, full access to Firebird databases,
>>and trojaning the Firebird binaries. An attacker could use this to
>>compromise other user or root accounts.
>>
>>Workaround
>>==========
>>
>>There is no known workaround.
>>
>>Resolution
>>==========
>>
>>All users should upgrade to the latest version of Firebird:
>>
>> # emerge sync
>>
>> # emerge -pv ">=dev-db/firebird-1.5"
>> # emerge ">=dev-db/firebird-1.5"
>>
>>References
>>==========
>>
>> [ 1 ] Bugtraq Security Announcement
>> http://securityfocus.com/bid/7546/info/
>> [ 2 ] Sourceforge BugTracker Announcement
>>
>>http://sourceforge.net/tracker/?group_id=9028&atid=109028&func=detail&aid=739480
>>
>>Availability
>>============
>>
>>This GLSA and any updates to it are available for viewing at
>>the Gentoo Security Website:
>>
>> http://security.gentoo.org/glsa/glsa-200405-18.xml
>>
>>Concerns?
>>=========
>>
>>Security is a primary focus of Gentoo Linux and ensuring the
>>confidentiality and security of our users machines is of utmost
>>importance to us. Any security concerns should be addressed to
>>security@...too.org or alternatively, you may file a bug at
>>http://bugs.gentoo.org.
>>
>>License
>>=======
>>
>>Copyright 2004 Gentoo Technologies, Inc; referenced text
>>belongs to its owner(s).
>>
>>The contents of this document are licensed under the
>>Creative Commons - Attribution / Share Alike license.
>>
>>http://creativecommons.org/licenses/by-sa/1.0
>>
>>-----BEGIN PGP SIGNATURE-----
>>Version: GnuPG v1.2.4 (GNU/Linux)
>>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>
>>iD8DBQFAsJVJvcL1obalX08RAj+PAKCb9Fd0AtIgaUbIj171XyOS2C1KrwCgli71
>>8qHVQCl6dlag+WIA4iPZR7w=
>>=zCcg
>>-----END PGP SIGNATURE-----
>>
>>
>>
>
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists