Re: [ GLSA 200405-18 ] Buffer Overflow in Firebird

["KF (lists)" <kf_lists () secnetops com>]

Actually its more like 2 years old...

http://www.securiteam.com/unixfocus/5CP0S0U7FG.html
http://seclists.org/lists/bugtraq/2002/Jun/0212.html

I found that AGES ago. Hell I even sat on it 6 months while attempting 
to get Borland to wake up (with out success).

Better late than never I guess.

-KF


b0f www.b0f.net wrote:

> In-Reply-To: <40B0954A.6020103 () gentoo org>
>
> This bug is over 1 year old take a look here
> http://www.securityfocus.com/archive/1/321087/2003-05-08/2003-05-14/0
>
> Also includes exploit.
>
> -b0f 
>
> Hi bob 
>
>  
>
> > Received: (qmail 26887 invoked from network); 24 May 2004 15:08:38 -0000
> > Received: from outgoing.securityfocus.com (HELO outgoing2.securityfocus.com) (205.206.231.26)
> > by mail.securityfocus.com with SMTP; 24 May 2004 15:08:38 -0000
> > Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
> >         by outgoing2.securityfocus.com (Postfix) with QMQP
> >         id DEBEC14370F; Mon, 24 May 2004 17:07:45 -0600 (MDT)
> > Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm
> > Precedence: bulk
> > List-Id: <bugtraq.list-id.securityfocus.com>
> > List-Post: <mailto:bugtraq () securityfocus com>
> > List-Help: <mailto:bugtraq-help () securityfocus com>
> > List-Unsubscribe: <mailto:bugtraq-unsubscribe () securityfocus com>
> > List-Subscribe: <mailto:bugtraq-subscribe () securityfocus com>
> > Delivered-To: mailing list bugtraq () securityfocus com
> > Delivered-To: moderator for bugtraq () securityfocus com
> > Received: (qmail 27595 invoked from network); 23 May 2004 05:57:21 -0000
> > Message-ID: <40B0954A.6020103 () gentoo org>
> > Date: Sun, 23 May 2004 14:12:58 +0200
> > From: Thierry Carrez <koon () gentoo org>
> > Organization: Gentoo Linux
> > User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040327
> > X-Accept-Language: en-us, en
> > MIME-Version: 1.0
> > To: gentoo-announce () lists gentoo org
> > Cc: bugtraq () securityfocus com, full-disclosure () lists netsys com,
> >         security-alerts () linuxsecurity com
> > Subject: [ GLSA 200405-18 ] Buffer Overflow in Firebird
> > X-Enigmail-Version: 0.83.3.0
> > X-Enigmail-Supports: pgp-inline, pgp-mime
> > Content-Type: text/plain; charset=us-ascii
> > Content-Transfer-Encoding: 7bit
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> > Gentoo Linux Security Advisory                           GLSA 200405-18
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> >                                           http://security.gentoo.org/
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> >
> > Severity: High
> >    Title: Buffer Overflow in Firebird
> >     Date: May 23, 2004
> >     Bugs: #20837
> >       ID: 200405-18
> >
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> >
> > Synopsis
> > ========
> >
> > A buffer overflow via environmental variables in Firebird may allow a
> > local user to manipulate or destroy local databases and trojan the
> > Firebird binaries.
> >
> > Background
> > ==========
> >
> > Firebird is an open source relational database that runs on Linux,
> > Windows, and various UNIX systems.
> >
> > Affected packages
> > =================
> >
> >   -------------------------------------------------------------------
> >    Package          /   Vulnerable   /                    Unaffected
> >   -------------------------------------------------------------------
> > 1  dev-db/firebird         < 1.5                              >= 1.5
> >
> > Description
> > ===========
> >
> > A buffer overflow exists in three Firebird binaries (gds_inet_server,
> > gds_lock_mgr, and gds_drop) that is exploitable by setting a large
> > value to the INTERBASE environment variable.
> >
> > Impact
> > ======
> >
> > An attacker could control program execution, allowing privilege
> > escalation to the UID of Firebird, full access to Firebird databases,
> > and trojaning the Firebird binaries. An attacker could use this to
> > compromise other user or root accounts.
> >
> > Workaround
> > ==========
> >
> > There is no known workaround.
> >
> > Resolution
> > ==========
> >
> > All users should upgrade to the latest version of Firebird:
> >
> >   # emerge sync
> >
> >   # emerge -pv ">=dev-db/firebird-1.5"
> >   # emerge ">=dev-db/firebird-1.5"
> >
> > References
> > ==========
> >
> > [ 1 ] Bugtraq Security Announcement
> >       http://securityfocus.com/bid/7546/info/
> > [ 2 ] Sourceforge BugTracker Announcement
> >
> > http://sourceforge.net/tracker/?group_id=9028&atid=109028&func=detail&aid=739480
> >
> > Availability
> > ============
> >
> > This GLSA and any updates to it are available for viewing at
> > the Gentoo Security Website:
> >
> >    http://security.gentoo.org/glsa/glsa-200405-18.xml
> >
> > Concerns?
> > =========
> >
> > Security is a primary focus of Gentoo Linux and ensuring the
> > confidentiality and security of our users machines is of utmost
> > importance to us. Any security concerns should be addressed to
> > security () gentoo org or alternatively, you may file a bug at
> > http://bugs.gentoo.org.
> >
> > License
> > =======
> >
> > Copyright 2004 Gentoo Technologies, Inc; referenced text
> > belongs to its owner(s).
> >
> > The contents of this document are licensed under the
> > Creative Commons - Attribution / Share Alike license.
> >
> > http://creativecommons.org/licenses/by-sa/1.0
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.4 (GNU/Linux)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >
> > iD8DBQFAsJVJvcL1obalX08RAj+PAKCb9Fd0AtIgaUbIj171XyOS2C1KrwCgli71
> > 8qHVQCl6dlag+WIA4iPZR7w=
> > =zCcg
> > -----END PGP SIGNATURE-----
> >
> >    
>
>