CVE-2008-0387 | Vulnerability Database | Aqua Security

Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.

Affected Software

Name	Vendor	Start Version	End Version
Firebird	Firebirdsql	*	1.0.3 (including)
Firebird	Firebirdsql	1.5 (including)	1.5.6 (excluding)
Firebird	Firebirdsql	2.0.0 (including)	2.0.4 (excluding)
Firebird	Firebirdsql	2.1.0 (including)	2.1.0 (including)
Firebird2	Ubuntu	dapper	*
Firebird2	Ubuntu	edgy	*
Firebird2	Ubuntu	feisty	*
Firebird2	Ubuntu	upstream	*
Firebird2.0	Ubuntu	devel	*
Firebird2.0	Ubuntu	gutsy	*
Firebird2.0	Ubuntu	hardy	*
Firebird2.0	Ubuntu	intrepid	*
Firebird2.0	Ubuntu	jaunty	*
Firebird2.0	Ubuntu	karmic	*
Firebird2.0	Ubuntu	upstream	*

References

http://secunia.com/advisories/29203
http://secunia.com/advisories/29501
http://security.gentoo.org/glsa/glsa-200803-02.xml
http://securityreason.com/securityalert/3580
http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800
http://tracker.firebirdsql.org/browse/CORE-1681
http://www.coresecurity.com/?action=item\u0026id=2095
http://www.debian.org/security/2008/dsa-1529
http://www.securityfocus.com/archive/1/487173/100/0/threaded
http://www.securityfocus.com/bid/27403
https://exchange.xforce.ibmcloud.com/vulnerabilities/39996
http://secunia.com/advisories/29203
http://secunia.com/advisories/29501
http://security.gentoo.org/glsa/glsa-200803-02.xml
http://securityreason.com/securityalert/3580
http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800
http://tracker.firebirdsql.org/browse/CORE-1681
http://www.coresecurity.com/?action=item\u0026id=2095
http://www.debian.org/security/2008/dsa-1529
http://www.securityfocus.com/archive/1/487173/100/0/threaded
http://www.securityfocus.com/bid/27403
https://exchange.xforce.ibmcloud.com/vulnerabilities/39996

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-0387
CWE	https://cwe.mitre.org/data/definitions/189.html