Launchpad.net

CVE 2008-0467

Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username.

Related bugs and status

CVE-2008-0467 (Candidate) is related to these bugs:

Bug #194100: Please merge firebird2.0_2.0.3.12981.ds1-5 (universe) from Debian unstable (Security FIX)

Summary				In	Importance	Status
	194100	Please merge firebird2.0_2.0.3.12981.ds1-5 (universe) from Debian unstable (Security FIX)		firebird2.0 (Ubuntu)	Medium	Fix Released

Bug #206469: Please sync firebird2.0 2.0.3.12981.ds1-12 (universe) from Debian (main)

Summary				In	Importance	Status
	206469	Please sync firebird2.0 2.0.3.12981.ds1-12 (universe) from Debian (main)		firebird2.0 (Ubuntu)	Wishlist	Fix Released

Bug #210141: [firebird] [DSA-1529-1] Debian recommends upgrade to firebird2, support for firebird1.5 discontinued

Summary				In	Importance	Status
	210141	[firebird] [DSA-1529-1] Debian recommends upgrade to firebird2, support for firebird1.5 discontinued		firebird1.5 (Ubuntu)	Undecided	Won't Fix
	210141	[firebird] [DSA-1529-1] Debian recommends upgrade to firebird2, support for firebird1.5 discontinued		firebird2 (Ubuntu)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://tracker.firebir...
BID: 27467
SECTRACK: 1019277
SECUNIA: 28596
GENTOO: GLSA-200803-02
SECUNIA: 29203
DEBIAN: DSA-1529
SECUNIA: 29501
VUPEN: ADV-2008-0300
CONFIRM: http://sourceforge.net...
CONFIRM: http://sourceforge.net...
XF: firebird-username-bo(3...