Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: Gentoo Local Security Checks --> Category: infos

[GLSA-200405-18] Buffer Overflow in Firebird Vulnerability Scan


Vulnerability Scan Summary
Buffer Overflow in Firebird

Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200405-18
(Buffer Overflow in Firebird)


A buffer overflow exists in three Firebird binaries (gds_inet_server,
gds_lock_mgr, and gds_drop) that is exploitable by setting the INTERBASE
environment variable to a large value.

Impact

An attacker could control program execution, allowing privilege escalation
to the UID of Firebird, full access to Firebird databases, and trojaning
of the Firebird binaries. An attacker could use this to compromise other user
or root accounts.

Workaround

There is no known workaround.

References:
http://securityfocus.com/bid/7546/info/
http://sourceforge.net/tracker/?group_id=9028&atid=109028&func=detail&aid=739480


Solution:
All users should upgrade to the latest version of Firebird:
# emerge sync
# emerge -pv ">=dev-db/firebird-1.5"
# emerge ">=dev-db/firebird-1.5"


Threat Level: High



VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051
