In-Reply-To: <40B0954A.6020103@xxxxxxxxxx> This bug is over 1 year old take a look here http://www.securityfocus.com/archive/1/321087/2003-05-08/2003-05-14/0 Also includes exploit. -b0f Hi bob >Received: (qmail 26887 invoked from network); 24 May 2004 15:08:38 -0000 >Received: from outgoing.securityfocus.com (HELO outgoing2.securityfocus.com) (205.206.231.26) > by mail.securityfocus.com with SMTP; 24 May 2004 15:08:38 -0000 >Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20]) > by outgoing2.securityfocus.com (Postfix) with QMQP > id DEBEC14370F; Mon, 24 May 2004 17:07:45 -0600 (MDT) >Mailing-List: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm >Precedence: bulk >List-Id: <bugtraq.list-id.securityfocus.com> >List-Post: <mailto:bugtraq@xxxxxxxxxxxxxxxxx> >List-Help: <mailto:bugtraq-help@xxxxxxxxxxxxxxxxx> >List-Unsubscribe: <mailto:bugtraq-unsubscribe@xxxxxxxxxxxxxxxxx> >List-Subscribe: <mailto:bugtraq-subscribe@xxxxxxxxxxxxxxxxx> >Delivered-To: mailing list bugtraq@xxxxxxxxxxxxxxxxx >Delivered-To: moderator for bugtraq@xxxxxxxxxxxxxxxxx >Received: (qmail 27595 invoked from network); 23 May 2004 05:57:21 -0000 >Message-ID: <40B0954A.6020103@xxxxxxxxxx> >Date: Sun, 23 May 2004 14:12:58 +0200 >From: Thierry Carrez <koon@xxxxxxxxxx> >Organization: Gentoo Linux >User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040327 >X-Accept-Language: en-us, en >MIME-Version: 1.0 >To: gentoo-announce@xxxxxxxxxxxxxxxx >Cc: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxx, > security-alerts@xxxxxxxxxxxxxxxxx >Subject: [ GLSA 200405-18 ] Buffer Overflow in Firebird >X-Enigmail-Version: 0.83.3.0 >X-Enigmail-Supports: pgp-inline, pgp-mime >Content-Type: text/plain; charset=us-ascii >Content-Transfer-Encoding: 7bit > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >Gentoo Linux Security Advisory GLSA 200405-18 >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > http://security.gentoo.org/ >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > > Severity: High > Title: Buffer Overflow in Firebird > Date: May 23, 2004 > Bugs: #20837 > ID: 200405-18 > >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > >Synopsis >======== > >A buffer overflow via environmental variables in Firebird may allow a >local user to manipulate or destroy local databases and trojan the >Firebird binaries. > >Background >========== > >Firebird is an open source relational database that runs on Linux, >Windows, and various UNIX systems. > >Affected packages >================= > > ------------------------------------------------------------------- > Package / Vulnerable / Unaffected > ------------------------------------------------------------------- > 1 dev-db/firebird < 1.5 >= 1.5 > >Description >=========== > >A buffer overflow exists in three Firebird binaries (gds_inet_server, >gds_lock_mgr, and gds_drop) that is exploitable by setting a large >value to the INTERBASE environment variable. > >Impact >====== > >An attacker could control program execution, allowing privilege >escalation to the UID of Firebird, full access to Firebird databases, >and trojaning the Firebird binaries. An attacker could use this to >compromise other user or root accounts. > >Workaround >========== > >There is no known workaround. > >Resolution >========== > >All users should upgrade to the latest version of Firebird: > > # emerge sync > > # emerge -pv ">=dev-db/firebird-1.5" > # emerge ">=dev-db/firebird-1.5" > >References >========== > > [ 1 ] Bugtraq Security Announcement > http://securityfocus.com/bid/7546/info/ > [ 2 ] Sourceforge BugTracker Announcement > >http://sourceforge.net/tracker/?group_id=9028&atid=109028&func=detail&aid=739480 > >Availability >============ > >This GLSA and any updates to it are available for viewing at >the Gentoo Security Website: > > http://security.gentoo.org/glsa/glsa-200405-18.xml > >Concerns? >========= > >Security is a primary focus of Gentoo Linux and ensuring the >confidentiality and security of our users machines is of utmost >importance to us. Any security concerns should be addressed to >security@xxxxxxxxxx or alternatively, you may file a bug at >http://bugs.gentoo.org. > >License >======= > >Copyright 2004 Gentoo Technologies, Inc; referenced text >belongs to its owner(s). > >The contents of this document are licensed under the >Creative Commons - Attribution / Share Alike license. > >http://creativecommons.org/licenses/by-sa/1.0 > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.2.4 (GNU/Linux) >Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > >iD8DBQFAsJVJvcL1obalX08RAj+PAKCb9Fd0AtIgaUbIj171XyOS2C1KrwCgli71 >8qHVQCl6dlag+WIA4iPZR7w= >=zCcg >-----END PGP SIGNATURE----- >
