Summary
A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code. In addition, a denial of service vulnerability was discovered in the TraceManager.
Solution
For the stable distribution (squeeze), these problems have been fixed in version 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1.
For the testing distribution (wheezy), these problems will be fixed soon.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your firebird2.5 packages.
Insight
Firebird is a relational database offering many ANSI SQL-99 features that runs on Linux, Windows, and a variety of Unix platforms. Firebird offers excellent concurrency, high performance, and powerful language support for stored procedures and triggers.
Affected
firebird2.5 on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-5529, CVE-2013-2492 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities