CVE-2008-0387: Integer Overflow
First published: Tue Jan 29 2008(Updated: )
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FirebirdSQL | <=1.0.3 | |
| FirebirdSQL | >=2.0.0<2.0.4 | |
| FirebirdSQL | =2.1.0 | |
| FirebirdSQL | >=1.5<1.5.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.coresecurity.com/?action=item&id=2095
- http://tracker.firebirdsql.org/browse/CORE-1681
- http://www.securityfocus.com/bid/27403
- http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800
- http://security.gentoo.org/glsa/glsa-200803-02.xml
- http://secunia.com/advisories/29203
- http://www.debian.org/security/2008/dsa-1529
- http://secunia.com/advisories/29501
- http://securityreason.com/securityalert/3580
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39996
- http://www.securityfocus.com/archive/1/487173/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-0387?
CVE-2008-0387 is rated as a high severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2008-0387?
To fix CVE-2008-0387, you should upgrade Firebird SQL to version 1.5.6 or later, 2.0.4 or later, or 2.1.0 RC1 or later.
What types of operations are affected by CVE-2008-0387?
CVE-2008-0387 affects operations such as op_receive, op_start, op_start_and_receive, op_send, op_start_and_send, and op_start_send.
Which versions of Firebird are vulnerable to CVE-2008-0387?
Firebird SQL versions 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 are vulnerable to CVE-2008-0387.
Can CVE-2008-0387 be exploited remotely?
Yes, CVE-2008-0387 can be exploited by remote attackers, allowing them to execute arbitrary code.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/firebirdsql
- canonical/firebirdsql
- version/firebirdsql/1.0.3
- version/firebirdsql/2.0.0
- version/firebirdsql/2.1.0
- version/firebirdsql/1.5