Firebird DB Remote Database Name Overflow

critical Nessus Plugin ID 12246

Language:

Synopsis

It is possible to execute code on the remote host.

Description

The remote host is running Firebird database. The remote version of this service is vulnerable to a remote stack-based overflow.

An attacker, exploiting this hole, would be given full access to the target machine. Versions of Firebird database less than 1.5.0 are reportedly vulnerable to this overflow.

Solution

Upgrade to version 1.5.0 or higher.

Plugin Details

Severity: Critical

ID: 12246

File Name: firebird_bo.nasl

Version: 1.21

Type: remote

Family: Databases

Published: 5/25/2004

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:firebirdsql:firebird

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 6/17/2002

Reference Information

CVE: CVE-2004-2043

BID: 10446