Re: [ GLSA 200405-18 ] Buffer Overflow in Firebird
In-Reply-To: <40B0954A.6020103@xxxxxxxxxx>
This bug is over 1 year old; take a look here:
http://www.securityfocus.com/archive/1/321087/2003-05-08/2003-05-14/0
Also includes exploit.
-b0f
Hi bob
>Message-ID: <40B0954A.6020103@xxxxxxxxxx>
>Date: Sun, 23 May 2004 14:12:58 +0200
>From: Thierry Carrez <koon@xxxxxxxxxx>
>Organization: Gentoo Linux
>To: gentoo-announce@xxxxxxxxxxxxxxxx
>Cc: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxx,
> security-alerts@xxxxxxxxxxxxxxxxx
>Subject: [ GLSA 200405-18 ] Buffer Overflow in Firebird
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>Gentoo Linux Security Advisory GLSA 200405-18
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> http://security.gentoo.org/
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Severity: High
> Title: Buffer Overflow in Firebird
> Date: May 23, 2004
> Bugs: #20837
> ID: 200405-18
>
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
>Synopsis
>========
>
>A buffer overflow via environmental variables in Firebird may allow a
>local user to manipulate or destroy local databases and trojan the
>Firebird binaries.
>
>Background
>==========
>
>Firebird is an open source relational database that runs on Linux,
>Windows, and various UNIX systems.
>
>Affected packages
>=================
>
> -------------------------------------------------------------------
>  Package            /  Vulnerable  /                   Unaffected
> -------------------------------------------------------------------
>  1  dev-db/firebird       < 1.5                            >= 1.5
>
>Description
>===========
>
>A buffer overflow exists in three Firebird binaries (gds_inet_server,
>gds_lock_mgr, and gds_drop) that is exploitable by setting a large
>value to the INTERBASE environment variable.
>
>Impact
>======
>
>An attacker could control program execution, allowing privilege
>escalation to the UID of Firebird, full access to Firebird databases,
>and trojaning the Firebird binaries. An attacker could use this to
>compromise other user or root accounts.
>
>Workaround
>==========
>
>There is no known workaround.
>
>Resolution
>==========
>
>All users should upgrade to the latest version of Firebird:
>
> # emerge sync
>
> # emerge -pv ">=dev-db/firebird-1.5"
> # emerge ">=dev-db/firebird-1.5"
>
>References
>==========
>
> [ 1 ] Bugtraq Security Announcement
> http://securityfocus.com/bid/7546/info/
> [ 2 ] Sourceforge BugTracker Announcement
> http://sourceforge.net/tracker/?group_id=9028&atid=109028&func=detail&aid=739480
>
>Availability
>============
>
>This GLSA and any updates to it are available for viewing at
>the Gentoo Security Website:
>
> http://security.gentoo.org/glsa/glsa-200405-18.xml
>
>Concerns?
>=========
>
>Security is a primary focus of Gentoo Linux and ensuring the
>confidentiality and security of our users' machines is of utmost
>importance to us. Any security concerns should be addressed to
>security@xxxxxxxxxx or alternatively, you may file a bug at
>http://bugs.gentoo.org.
>
>License
>=======
>
>Copyright 2004 Gentoo Technologies, Inc; referenced text
>belongs to its owner(s).
>
>The contents of this document are licensed under the
>Creative Commons - Attribution / Share Alike license.
>
>http://creativecommons.org/licenses/by-sa/1.0
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.4 (GNU/Linux)
>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
>iD8DBQFAsJVJvcL1obalX08RAj+PAKCb9Fd0AtIgaUbIj171XyOS2C1KrwCgli71
>8qHVQCl6dlag+WIA4iPZR7w=
>=zCcg
>-----END PGP SIGNATURE-----
>
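
The bug class the advisory describes, an environment variable copied into a fixed-size buffer, shown beside a bounded form. This is an added C example, not Firebird source and not part of the original messages; the buffer size, default root, file name and function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define PATH_BUF     256               /* assumed buffer size */
#define DEFAULT_ROOT "/opt/interbase"  /* assumed install root */
#define LOCK_NAME    "example.lck"     /* hypothetical file name */

/* Unsafe pattern (illustration only, not Firebird source): nothing bounds
 * the length of the environment value, so strcpy can run past out[]. */
void lock_path_unsafe(char out[PATH_BUF])
{
    const char *root = getenv("INTERBASE");
    strcpy(out, root ? root : DEFAULT_ROOT);
    strcat(out, "/" LOCK_NAME);
}

/* Bounded form: format into the buffer and reject anything that would not
 * fit instead of truncating. Returns 0 on success, -1 on rejection. */
int join_root(const char *root, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/%s", root, LOCK_NAME);
    if (n < 0 || (size_t)n >= outlen) {
        if (outlen > 0)
            out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Privileged callers should not take paths from the caller's environment:
 * when real and effective UID differ (set-uid), fall back to the default. */
int lock_path_checked(char *out, size_t outlen)
{
    const char *root = getenv("INTERBASE");
    if (root == NULL || *root == '\0' || getuid() != geteuid())
        root = DEFAULT_ROOT;
    return join_root(root, out, outlen);
}

int main(void)
{
    char buf[PATH_BUF];
    if (lock_path_checked(buf, sizeof buf) != 0) {
        fputs("INTERBASE value too long, refusing\n", stderr);
        return 1;
    }
    puts(buf);
    return 0;
}
```

Rejecting an oversized value, rather than silently truncating it, keeps the program from opening a different path than the one the administrator configured.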