Content Tagged with Firebird + Security

Another Interbase Security Issue found first in Firebird

The other day another security issue turned up in Interbase (this sort of thing happens to the best of them) that had already been fixed in Firebird in January. More rants on this page: http://pooteeweet.org/blog/0/1118

Firebird: Firebird News

remember to upgrade to firebird 2.0.4 or firebird2.1

Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0467

Security vulnerability in Borland InterBase: A security vulnerability discovered early this year in open source database Firebird also affects Borland’s InterBase. The security vulnerability allows …

Firebird: Firebird News

firebird2.1 security bug is now fixed in debian experimental

The security bug is now fixed in Debian experimental, and here is the changelog

Firebird: Firebird News

firebird2.0 security bug is now fixed in debian/gentoo

There is a grave security bug in the firebird 2.0 package from Debian and Ubuntu where a user can connect to the server as SYSDBA with NO password. The bug is now fixed in Debian sid (unstable) http://packages.debian.org/sid/firebird2.0-super and here is the changelog:

firebird2.0-super.init: stop exporting ISC_USER and ISC_PASSWORD. Fixes a hole causing remote connections as user SYSDBA to succeed without giving a [...]

Firebird: Firebird News

New Firebird packages fix several vulnerabilities in debian

This Debian security advisory is a bit unusual. While it’s normally our strict policy to backport security bugfixes to older releases, this turned out to be infeasible for Firebird 1.5 due to large infrastructural changes necessary to fix these issues. As a consequence security support for Firebird 1.5 is hereby discontinued, leaving two options to administrators running a Firebird database: I. [...]

Firebird: Firebird News

Firebird remote BOF POC

A Firebird remote buffer overflow proof of concept was posted on BugTraq. The bug is the one fixed in the next stable releases and is not present in Firebird 2.1 rc1 & rc2. Here is the description:

Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow [...]

Firebird: Firebird News

firebird gentoo linux package updated

Here is the full change log with security fixes for 2.0.x in the Gentoo Portage system

Firebird: Firebird News

firebird 2.0.3 fixed security in bsd ports

Fixed security2.fdb when installing from the BSD package (it had wrong permissions)

Firebird: Firebird News

Firebird Relational Database ‘protocol.cpp’ XDR Protocol Remote Memory Corruption Vulnerability

Firebird is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren’t overrun. Attackers may exploit this issue to overflow a buffer and to corrupt process memory. Attackers may be able to execute arbitrary machine code in the context of an affected application. Failed exploit attempts will likely result in a denial-of-service [...]

Firebird: Firebird News

Oops, Look At That Phoenix, Rising From The Ashes

In a story headlined, “Open Source Code Contains Security Holes,” I referred recently to the Firebird database project as “somewhat moribund.” So imagine my surprise when a reader pointed out it was named project of the month in December by SourceForge, the dominant host of open source projects. Geez. Then there was the [...]

Firebird: Firebird News

Firebird is alive and secure

The following was sent to Charles Babcock at InformationWeek in reply to an article entitled: Open Source Code Contains Security Holes

As a developer and administrator of the Firebird Project I completely reject the statement you made in the above article. “The somewhat moribund Firebird project, for example, is listed with 195 identified defects, of which it [...]

Firebird: Firebird News