CVE-2014-9323
https://notcve.org/view.php?id=CVE-2014-9323
The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status. La función xdr_status_vector en Firebird anterior a 2.1.7 y 2.5.x anterior a 2.5.3 SU1 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo, fallo de segmentación y caída) a través de una acción op_response con un estado 'no vacío'. • http://advisories.mageia.org/MGASA-2014-0523.html http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00012.html http://tracker.firebirdsql.org/browse/CORE-4630 http://www.debian.org/security/2014/dsa-3109 http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011 http://www.mandriva.com/security/advisories?name=MDVSA-2015:172 https://usn.ubuntu.com/3929-1 • CWE-476: NULL Pointer Dereference •
CVE-2009-2620 – Firebird SQL - op_connect_request main listener shutdown
https://notcve.org/view.php?id=CVE-2009-2620
src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference. src/remote/server.cpp en fbserver.exe en Firebird SQL v1.5 anterior a v1.5.6, v2.0 anterior a v2.0.6, v2.1 anterior a v2.1.3, y v2.5 anterior a v2.5 Beta 2, permite a atacantes remotos provocar una denegación de servicio (caída de demonio) a través de un mensaje op_connect_request mal formado que provoca un bucle infinito o una deferencia a puntero NULL. • https://www.exploit-db.com/exploits/9295 http://tracker.firebirdsql.org/browse/CORE-2563 http://www.coresecurity.com/content/firebird-sql-dos http://www.exploit-db.com/exploits/9295 http://www.securityfocus.com/bid/35842 https://bugzilla.redhat.com/show_bug.cgi?id=514463 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01341.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01370.html • CWE-20: Improper Input Validation •
CVE-2008-0387 – Firebird 2.0.3 Relational Database - 'protocol.cpp' XDR Protocol Remote Memory Corruption
https://notcve.org/view.php?id=CVE-2008-0387
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption. Desbordamiento de entero en Firebird SQL 1.0.3 y versiones anteriores, 1.5.x versiones anteriores a 1.5.6, 2.0.x versiones anteriores a 2.0.4, y 2.1.x versiones anteriores a 2.1.0 RC1, podría permitir a atacantes remotos ejecutar código de su elección mediante peticiones manipuladas (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, y (6) op_start_send_and_receive XDR, que disparan corrupción de memoria. • https://www.exploit-db.com/exploits/31050 http://secunia.com/advisories/29203 http://secunia.com/advisories/29501 http://security.gentoo.org/glsa/glsa-200803-02.xml http://securityreason.com/securityalert/3580 http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800 http://tracker.firebirdsql.org/browse/CORE-1681 http://www.coresecurity.com/?action=item&id=2095 http://www.debian.org/security/2008/dsa-1529 http://www.securityfocus.com/archive/1/487173/100 • CWE-189: Numeric Errors •