Buffer overflow : Firebird Relational Database CNCT Group Number Buffer Overflow Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.803185

Categoría: Buffer overflow

Título: Firebird Relational Database CNCT Group Number Buffer Overflow Vulnerability - Windows, Active Check

Resumen: Firebird server is prone to a buffer overflow vulnerability.

Descripción: Summary:
Firebird server is prone to a buffer overflow vulnerability.

Vulnerability Insight:
The flaw exists with a group number extracted from the CNCT
information, which is sent by the client and whose size is not properly checked.

Vulnerability Impact:
Successful exploitation will allow remote attackers to cause
denial of service condition.

Affected Software/OS:
Firebird Server version 2.1.3 to 2.1.5 before 18514 and
2.5.1 to 2.5.3 before 26623.

Solution:
Update to version 2.1.5 Update 1, 2.5.2 Update 1, 2.5.3, 2.1.6
or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-2492
BugTraq ID: 58393
http://www.securityfocus.com/bid/58393
Debian Security Information: DSA-2647 (Google Search)
http://www.debian.org/security/2013/dsa-2647
Debian Security Information: DSA-2648 (Google Search)
http://www.debian.org/security/2013/dsa-2648
https://security.gentoo.org/glsa/201512-11
https://gist.github.com/zeroSteiner/85daef257831d904479c
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb
SuSE Security Announcement: openSUSE-SU-2013:0496 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00036.html
SuSE Security Announcement: openSUSE-SU-2013:0504 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00039.html

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.803185
Categoría:	Buffer overflow
Título:	Firebird Relational Database CNCT Group Number Buffer Overflow Vulnerability - Windows, Active Check
Resumen:	Firebird server is prone to a buffer overflow vulnerability.
Descripción:	Summary: Firebird server is prone to a buffer overflow vulnerability. Vulnerability Insight: The flaw exists with a group number extracted from the CNCT information, which is sent by the client and whose size is not properly checked. Vulnerability Impact: Successful exploitation will allow remote attackers to cause denial of service condition. Affected Software/OS: Firebird Server version 2.1.3 to 2.1.5 before 18514 and 2.5.1 to 2.5.3 before 26623. Solution: Update to version 2.1.5 Update 1, 2.5.2 Update 1, 2.5.3, 2.1.6 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2492 BugTraq ID: 58393 http://www.securityfocus.com/bid/58393 Debian Security Information: DSA-2647 (Google Search) http://www.debian.org/security/2013/dsa-2647 Debian Security Information: DSA-2648 (Google Search) http://www.debian.org/security/2013/dsa-2648 https://security.gentoo.org/glsa/201512-11 https://gist.github.com/zeroSteiner/85daef257831d904479c https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb SuSE Security Announcement: openSUSE-SU-2013:0496 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00036.html SuSE Security Announcement: openSUSE-SU-2013:0504 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00039.html
Copyright	Copyright (C) 2013 Greenbone AG