Firebirdsql : Security Vulnerabilities, CVEs, Published In June 2007
Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll."
Max CVSS
10.0
EPSS Score
32.73%
Published
2007-06-12
Updated
2017-07-29
Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning.
Max CVSS
7.8
EPSS Score
1.07%
Published
2007-06-29
Updated
2008-09-05
Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database.
Max CVSS
5.5
EPSS Score
0.16%
Published
2007-06-29
Updated
2008-09-05
Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240.
Max CVSS
6.8
EPSS Score
0.29%
Published
2007-06-29
Updated
2008-09-05
fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-06-29
Updated
2008-09-05
5 vulnerabilities found