Re: [ GLSA 200405-18 ] Buffer Overflow in Firebird

From: KF (lists) (kf_lists_at_secnetops.com)
Date: 05/27/04

    Date: Wed, 26 May 2004 22:10:21 -0400
    To: bugtraq@securityfocus.com
    
    

    If you guys are bored you may make sure that the FireBird Team fixed
    this one too...
    http://www.mail-archive.com/bugtraq@securityfocus.com/msg11512.html

    -KF

    KF (lists) wrote:

    > Actually it's more like 2 years old...
    >
    > http://www.securiteam.com/unixfocus/5CP0S0U7FG.html
    > http://seclists.org/lists/bugtraq/2002/Jun/0212.html
    >
    > I found that AGES ago. Hell I even sat on it 6 months while attempting
    > to get Borland to wake up (without success).
    >
    > Better late than never I guess.
    >
    > -KF
    >
    >
    > b0f www.b0f.net wrote:
    >
    >> In-Reply-To: <40B0954A.6020103@gentoo.org>
    >>
    >> This bug is over 1 year old; take a look here:
    >> http://www.securityfocus.com/archive/1/321087/2003-05-08/2003-05-14/0
    >>
    >> Also includes exploit.
    >>
    >> -b0f
    >> Hi bob
    >>
    >>
    >>> Received: (qmail 26887 invoked from network); 24 May 2004 15:08:38
    >>> -0000
    >>> Received: from outgoing.securityfocus.com (HELO
    >>> outgoing2.securityfocus.com) (205.206.231.26)
    >>> by mail.securityfocus.com with SMTP; 24 May 2004 15:08:38 -0000
    >>> Received: from lists2.securityfocus.com (lists2.securityfocus.com
    >>> [205.206.231.20])
    >>> by outgoing2.securityfocus.com (Postfix) with QMQP
    >>> id DEBEC14370F; Mon, 24 May 2004 17:07:45 -0600 (MDT)
    >>> Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
    >>> Precedence: bulk
    >>> List-Id: <bugtraq.list-id.securityfocus.com>
    >>> List-Post: <mailto:bugtraq@securityfocus.com>
    >>> List-Help: <mailto:bugtraq-help@securityfocus.com>
    >>> List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
    >>> List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
    >>> Delivered-To: mailing list bugtraq@securityfocus.com
    >>> Delivered-To: moderator for bugtraq@securityfocus.com
    >>> Received: (qmail 27595 invoked from network); 23 May 2004 05:57:21
    >>> -0000
    >>> Message-ID: <40B0954A.6020103@gentoo.org>
    >>> Date: Sun, 23 May 2004 14:12:58 +0200
    >>> From: Thierry Carrez <koon@gentoo.org>
    >>> Organization: Gentoo Linux
    >>> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6)
    >>> Gecko/20040327
    >>> X-Accept-Language: en-us, en
    >>> MIME-Version: 1.0
    >>> To: gentoo-announce@lists.gentoo.org
    >>> Cc: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com,
    >>> security-alerts@linuxsecurity.com
    >>> Subject: [ GLSA 200405-18 ] Buffer Overflow in Firebird
    >>> X-Enigmail-Version: 0.83.3.0
    >>> X-Enigmail-Supports: pgp-inline, pgp-mime
    >>> Content-Type: text/plain; charset=us-ascii
    >>> Content-Transfer-Encoding: 7bit
    >>>
    >>> -----BEGIN PGP SIGNED MESSAGE-----
    >>> Hash: SHA1
    >>>
    >>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    >>> Gentoo Linux Security Advisory GLSA 200405-18
    >>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    >>> http://security.gentoo.org/
    >>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    >>>
    >>> Severity: High
    >>> Title: Buffer Overflow in Firebird
    >>> Date: May 23, 2004
    >>> Bugs: #20837
    >>> ID: 200405-18
    >>>
    >>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    >>>
    >>> Synopsis
    >>> ========
    >>>
    >>> A buffer overflow via environmental variables in Firebird may allow a
    >>> local user to manipulate or destroy local databases and trojan the
    >>> Firebird binaries.
    >>>
    >>> Background
    >>> ==========
    >>>
    >>> Firebird is an open source relational database that runs on Linux,
    >>> Windows, and various UNIX systems.
    >>>
    >>> Affected packages
    >>> =================
    >>>
    >>> -------------------------------------------------------------------
    >>> Package / Vulnerable / Unaffected
    >>> -------------------------------------------------------------------
    >>> 1 dev-db/firebird < 1.5 >= 1.5
    >>>
    >>> Description
    >>> ===========
    >>>
    >>> A buffer overflow exists in three Firebird binaries (gds_inet_server,
    >>> gds_lock_mgr, and gds_drop) that is exploitable by setting a large
    >>> value to the INTERBASE environment variable.
    >>>
    >>> Impact
    >>> ======
    >>>
    >>> An attacker could control program execution, allowing privilege
    >>> escalation to the UID of Firebird, full access to Firebird databases,
    >>> and trojaning the Firebird binaries. An attacker could use this to
    >>> compromise other user or root accounts.
    >>>
    >>> Workaround
    >>> ==========
    >>>
    >>> There is no known workaround.
    >>>
    >>> Resolution
    >>> ==========
    >>>
    >>> All users should upgrade to the latest version of Firebird:
    >>>
    >>> # emerge sync
    >>>
    >>> # emerge -pv ">=dev-db/firebird-1.5"
    >>> # emerge ">=dev-db/firebird-1.5"
    >>>
    >>> References
    >>> ==========
    >>>
    >>> [ 1 ] Bugtraq Security Announcement
    >>> http://securityfocus.com/bid/7546/info/
    >>> [ 2 ] Sourceforge BugTracker Announcement
    >>>
    >>> http://sourceforge.net/tracker/?group_id=9028&atid=109028&func=detail&aid=739480
    >>>
    >>>
    >>> Availability
    >>> ============
    >>>
    >>> This GLSA and any updates to it are available for viewing at
    >>> the Gentoo Security Website:
    >>>
    >>> http://security.gentoo.org/glsa/glsa-200405-18.xml
    >>>
    >>> Concerns?
    >>> =========
    >>>
    >>> Security is a primary focus of Gentoo Linux and ensuring the
    >>> confidentiality and security of our users machines is of utmost
    >>> importance to us. Any security concerns should be addressed to
    >>> security@gentoo.org or alternatively, you may file a bug at
    >>> http://bugs.gentoo.org.
    >>>
    >>> License
    >>> =======
    >>>
    >>> Copyright 2004 Gentoo Technologies, Inc; referenced text
    >>> belongs to its owner(s).
    >>>
    >>> The contents of this document are licensed under the
    >>> Creative Commons - Attribution / Share Alike license.
    >>>
    >>> http://creativecommons.org/licenses/by-sa/1.0
    >>>
    >>> -----BEGIN PGP SIGNATURE-----
    >>> Version: GnuPG v1.2.4 (GNU/Linux)
    >>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
    >>>
    >>> iD8DBQFAsJVJvcL1obalX08RAj+PAKCb9Fd0AtIgaUbIj171XyOS2C1KrwCgli71
    >>> 8qHVQCl6dlag+WIA4iPZR7w=
    >>> =zCcg
    >>> -----END PGP SIGNATURE-----
    >>>
    >>>
    >>
    >>
    >>
    >>
    >

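An added illustration of the bug class the quoted advisory describes (environment variable copied into a fixed-size buffer without a length check), shown next to a bounded, validated version. This is not Firebird's code and not part of the thread; the function names, the 64-byte buffer and the sample value "/opt/firebird" are assumptions.

```c
#define _POSIX_C_SOURCE 200809L   /* for strnlen() and setenv() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative code only, not Firebird's: the buffer size is deliberately
 * small so the overflow condition is easy to see. */
#define ROOT_BUF 64

/* The bug class from the advisory: the length of an attacker-controlled
 * environment variable is never checked, so any value longer than ROOT_BUF
 * bytes writes past the end of 'dest'. Shown only for contrast with
 * read_env_root(); it is never called here. */
void copy_env_unchecked(const char *name, char *dest)
{
    const char *val = getenv(name);
    strcpy(dest, val ? val : "");      /* unbounded copy */
}

/* Hardened form: bound the scan to the destination size, refuse values
 * that do not fit, and require a plain absolute path before copying.
 * Returns 0 and fills 'dest' on success, -1 otherwise (dest untouched). */
int read_env_root(const char *name, char *dest, size_t destlen)
{
    const char *val = getenv(name);
    if (val == NULL || destlen == 0)
        return -1;
    size_t n = strnlen(val, destlen);  /* never looks past destlen bytes */
    if (n == destlen)
        return -1;                     /* no room for the terminating NUL */
    if (n == 0 || val[0] != '/')
        return -1;                     /* empty or not an absolute path */
    memcpy(dest, val, n + 1);          /* copies the NUL as well */
    return 0;
}

int main(void)
{
    char root[ROOT_BUF];
    if (read_env_root("INTERBASE", root, sizeof root) != 0) {
        fputs("INTERBASE is unset, too long, or not an absolute path\n", stderr);
        return 1;
    }
    printf("Firebird root: %s\n", root);
    return 0;
}
```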
