Package: firebird1.5 Severity: normal Tags: security
These issues are reported to be fixed in 2.0, but I can't find any references in the changelogs that they are fixed in 1.5: CVE-2006-7214 Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning. CVE-2006-7213 Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database. CVE-2006-7212 Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240. CVE-2006-7211 fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores. http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7211 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7212 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7213 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7214 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

