Re: [ GLSA 200405-18 ] Buffer Overflow in Firebird

From: b0f www.b0f.net (b0fnet_at_yahoo.com)
Date: 05/25/04

    Date: 25 May 2004 17:37:54 -0000
    To: bugtraq@securityfocus.com
    
    
    In-Reply-To: <40B0954A.6020103@gentoo.org>

    This bug is over 1 year old; take a look here:
    http://www.securityfocus.com/archive/1/321087/2003-05-08/2003-05-14/0

    Also includes exploit.

    -b0f

    Hi bob

    >Message-ID: <40B0954A.6020103@gentoo.org>
    >Date: Sun, 23 May 2004 14:12:58 +0200
    >From: Thierry Carrez <koon@gentoo.org>
    >Organization: Gentoo Linux
    >To: gentoo-announce@lists.gentoo.org
    >Cc: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com,
    > security-alerts@linuxsecurity.com
    >Subject: [ GLSA 200405-18 ] Buffer Overflow in Firebird
    >
    >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    >Gentoo Linux Security Advisory GLSA 200405-18
    >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    > http://security.gentoo.org/
    >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    >
    > Severity: High
    > Title: Buffer Overflow in Firebird
    > Date: May 23, 2004
    > Bugs: #20837
    > ID: 200405-18
    >
    >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    >
    >Synopsis
    >========
    >
    >A buffer overflow via environmental variables in Firebird may allow a
    >local user to manipulate or destroy local databases and trojan the
    >Firebird binaries.
    >
    >Background
    >==========
    >
    >Firebird is an open source relational database that runs on Linux,
    >Windows, and various UNIX systems.
    >
    >Affected packages
    >=================
    >
    > -------------------------------------------------------------------
    >      Package          /  Vulnerable  /  Unaffected
    > -------------------------------------------------------------------
    >  1   dev-db/firebird     < 1.5          >= 1.5
    >
    >Description
    >===========
    >
    >A buffer overflow exists in three Firebird binaries (gds_inet_server,
    >gds_lock_mgr, and gds_drop) that is exploitable by setting a large
    >value to the INTERBASE environment variable.
    >
    >Impact
    >======
    >
    >An attacker could control program execution, allowing privilege
    >escalation to the UID of Firebird, full access to Firebird databases,
    >and trojaning the Firebird binaries. An attacker could use this to
    >compromise other user or root accounts.
    >
    >Workaround
    >==========
    >
    >There is no known workaround.
    >
    >Resolution
    >==========
    >
    >All users should upgrade to the latest version of Firebird:
    >
    > # emerge sync
    >
    > # emerge -pv ">=dev-db/firebird-1.5"
    > # emerge ">=dev-db/firebird-1.5"
    >
    >References
    >==========
    >
    > [ 1 ] Bugtraq Security Announcement
    >       http://securityfocus.com/bid/7546/info/
    > [ 2 ] Sourceforge BugTracker Announcement
    >       http://sourceforge.net/tracker/?group_id=9028&atid=109028&func=detail&aid=739480
    >
    >Availability
    >============
    >
    >This GLSA and any updates to it are available for viewing at
    >the Gentoo Security Website:
    >
    > http://security.gentoo.org/glsa/glsa-200405-18.xml
    >
    >Concerns?
    >=========
    >
    >Security is a primary focus of Gentoo Linux and ensuring the
    >confidentiality and security of our users machines is of utmost
    >importance to us. Any security concerns should be addressed to
    >security@gentoo.org or alternatively, you may file a bug at
    >http://bugs.gentoo.org.
    >
    >License
    >=======
    >
    >Copyright 2004 Gentoo Technologies, Inc; referenced text
    >belongs to its owner(s).
    >
    >The contents of this document are licensed under the
    >Creative Commons - Attribution / Share Alike license.
    >
    >http://creativecommons.org/licenses/by-sa/1.0
    >
    >
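
The advisory's description (an oversized INTERBASE value overflowing a buffer in a binary that runs with Firebird's UID) is an instance of copying an environment string into a fixed-size buffer without a length check. The C below is an added illustration of that bug class and its bounded fix; it is not Firebird's code and not part of the original posts. ROOT_MAX, demo.lck, build_path and path_from_env are hypothetical names chosen for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ROOT_MAX 256  /* assumed size of the fixed path buffer */

/*
 * Unsafe pattern, shown only as a comment: the local user controls the
 * length of the environment value, the program controls only the buffer.
 *
 *     char path[ROOT_MAX];
 *     strcpy(path, getenv("INTERBASE"));
 *     strcat(path, "/demo.lck");
 */

/* Build "<root>/<file>" in out[outsz]. Returns 0 on success, -1 when root is
 * missing, not an absolute path, or the result would not fit. On failure out
 * is left as an empty string so a caller cannot use a truncated path. */
int build_path(const char *root, const char *file, char *out, size_t outsz)
{
    int n;

    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    if (root == NULL || root[0] != '/')
        return -1;
    n = snprintf(out, outsz, "%s/%s", root, file);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Same check applied to the variable named in the advisory. */
int path_from_env(const char *file, char *out, size_t outsz)
{
    return build_path(getenv("INTERBASE"), file, out, outsz);
}

int main(void)
{
    char path[ROOT_MAX];

    if (path_from_env("demo.lck", path, sizeof path) != 0) {
        fprintf(stderr, "INTERBASE unset, relative, or too long\n");
        return 1;
    }
    printf("%s\n", path);
    return 0;
}
```

Rejecting the oversized value, rather than silently truncating it, matters in a privileged binary: a truncated path can point somewhere the caller did not intend.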

