Package: firebird1.5
Severity: normal
Tags: security

These issues are reported to be fixed in 2.0, but I can't find any references in
the changelogs that they are fixed in 1.5:


CVE-2006-7214

Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to
(1) cause a denial of service (application crash) by sending many remote
protocol versions; and (2) cause a denial of service (connection drop) via
certain network traffic, as demonstrated by Nessus vulnerability scanning.

CVE-2006-7213

Firebird 1.5 allows remote authenticated users without SYSDBA and owner
permissions to overwrite a database by creating a database.

CVE-2006-7212

Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have
unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240.

CVE-2006-7211

fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore
array, which allows local users to cause a denial of service (blocked query
processing) by locking semaphores.



http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7211
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7212
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7213
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7214


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to