Vulnerability Name:

CVE-2007-3181 (CCN-34833)

Assigned:2007-06-11
Published:2007-06-11
Updated:2017-07-29
Summary:Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll."
Failed exploit attempts will likely cause a denial of service on the server.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-3181

Source: CCN
Type: TPTI-07-11
Firebird SQL fbserver 'connect' Buffer Overflow Vulnerability

Source: MISC
Type: Vendor Advisory
http://dvlabs.tippingpoint.com/advisory/TPTI-07-11

Source: OSVDB
Type: UNKNOWN
37231

Source: CCN
Type: SA25601
Firebird "connect" Request Buffer Overflow and Denial of Service

Source: SECUNIA
Type: Patch, Vendor Advisory
25601

Source: SECUNIA
Type: UNKNOWN
25872

Source: CCN
Type: SA29501
Debian firebird2 Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
29501

Source: GENTOO
Type: UNKNOWN
GLSA-200707-01

Source: DEBIAN
Type: UNKNOWN
DSA-1529

Source: DEBIAN
Type: DSA-1529
firebird -- multiple vulnerabilities

Source: CCN
Type: Firebird Web site
Firebird - The RDBMS that's going where you're going

Source: CCN
Type: Firebird 2.0.1 Release Notes
22 March 2007 - Document v. 0201_05 - for Firebird 2.0.1 Sub-release

Source: CONFIRM
Type: UNKNOWN
http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf

Source: CCN
Type: GLSA-200707-01
Firebird: Buffer overflow

Source: CCN
Type: OSVDB ID: 37231
Firebird SQL fbserver.exe p_cnct_count Value Remote Overflow

Source: BID
Type: Exploit, Patch
24436

Source: CCN
Type: BID-24436
Firebird SQL Fbserver Remote Buffer Overflow Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2007-2149

Source: XF
Type: UNKNOWN
firebird-fbserver-bo(34833)

Source: XF
Type: UNKNOWN
firebird-fbserver-bo(34833)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:bakbone:netvault:6.x:*:*:*:*:*:*:*
  • OR cpe:/a:firebirdsql:firebird:*:*:*:*:*:*:*:* (Version <= 2.0.0)

  • Configuration CCN 1:
  • cpe:/a:firebirdsql:firebird:2.0.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    bakbone netvault 6.x
    firebirdsql firebird *
    firebirdsql firebird 2.0.0
    gentoo linux *