CVE-2007-3181
Firebird SQL Fbserver 2.0 - Remote Buffer Overflow
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll."
Desbordamiento de búfer en fbserver.exe de Firebird SQL 2 before 2.0.1 permite a atacantes remotos ejecutar código de su elección mediante un valor p_cnct_count grande en una estructura p_cnct structure en una petición de conexión (0x01) al puerto 3050/tcp, relacionado con "una versión InterBase de gds32.dll".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-06-12 CVE Reserved
- 2007-06-12 CVE Published
- 2007-06-12 First Exploit
- 2024-08-07 CVE Updated
- 2024-09-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/37231 | Vdb Entry | |
| http://secunia.com/advisories/25872 | Third Party Advisory | |
| http://secunia.com/advisories/29501 | Third Party Advisory | |
| http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf | X_refsource_confirm | |
| http://www.vupen.com/english/advisories/2007/2149 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34833 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/30186 | 2007-06-12 | |
| http://www.securityfocus.com/bid/24436 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/25601 | 2017-07-29 |
| URL | Date | SRC |
|---|---|---|
| http://dvlabs.tippingpoint.com/advisory/TPTI-07-11 | 2017-07-29 | |
| http://security.gentoo.org/glsa/glsa-200707-01.xml | 2017-07-29 | |
| http://www.debian.org/security/2008/dsa-1529 | 2017-07-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bakbone Search vendor "Bakbone" | Netvault Search vendor "Bakbone" for product "Netvault" | 6.x Search vendor "Bakbone" for product "Netvault" and version "6.x" | - |
Affected
| ||||||
| Firebirdsql Search vendor "Firebirdsql" | Firebird Search vendor "Firebirdsql" for product "Firebird" | <= 2.0.0 Search vendor "Firebirdsql" for product "Firebird" and version " <= 2.0.0" | - |
Affected
| ||||||