CVE-2004-2043 - OpenCVE

Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Borland Software	Interbase Interbase Superserver
Firebirdsql	Firebird

Configuration 1 [-]

OR	cpe:2.3:a:borland_software:interbase:4.0:::::::*
	cpe:2.3:a:borland_software:interbase:5.0:::::::*
	cpe:2.3:a:borland_software:interbase:6.0:::::::*
	cpe:2.3:a:borland_software:interbase:6.4:::::::*
	cpe:2.3:a:borland_software:interbase:6.5:::::::*
	cpe:2.3:a:borland_software:interbase:7.0:::::::*
	cpe:2.3:a:borland_software:interbase:7.1:::::::*
	cpe:2.3:a:borland_software:interbase_superserver:6.0:::::::*
	cpe:2.3:a:firebirdsql:firebird:1.0:::::::*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0027.html
http://marc.info/?l=bugtraq&m=108611386202493&w=2
http://secunia.com/advisories/11756
http://secunia.com/advisories/19350
http://securitytracker.com/id?1010381
http://www.debian.org/security/2006/dsa-1014
http://www.osvdb.org/6408
http://www.osvdb.org/6624
http://www.securiteam.com/unixfocus/5AP0P0UCUO.html
http://www.securityfocus.com/bid/10446
https://exchange.xforce.ibmcloud.com/vulnerabilities/16229
https://exchange.xforce.ibmcloud.com/vulnerabilities/16316

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-05-10T04:00:00

Updated: 2024-08-08T01:15:01.209Z

Reserved: 2005-05-04T00:00:00

Link: CVE-2004-2043

Vulnrichment

No data.

NVD

Status : Modified

Published: 2004-05-01T04:00:00.000

Modified: 2017-07-11T01:31:34.857

Link: CVE-2004-2043

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-06-01T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-1014", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1014"}, {"name": "firebird-database-name-bo(16229)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16229"}, {"name": "19350", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19350"}, {"name": "20040601 Firebird Database Remote Database Name Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=108611386202493&w=2"}, {"name": "6624", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/6624"}, {"name": "20040602 Firebird [ AND Interbase 7 ] Database Remote Database Name Overflow", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0027.html"}, {"name": "interbase-database-name-bo(16316)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16316"}, {"name": "10446", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/10446"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securiteam.com/unixfocus/5AP0P0UCUO.html"}, {"name": "1010381", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1010381"}, {"name": "6408", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/6408"}, {"name": "11756", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/11756"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2043", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-1014", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1014"}, {"name": "firebird-database-name-bo(16229)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16229"}, {"name": "19350", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19350"}, {"name": "20040601 Firebird Database Remote Database Name Overflow", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=108611386202493&w=2"}, {"name": "6624", "refsource": "OSVDB", "url": "http://www.osvdb.org/6624"}, {"name": "20040602 Firebird [ AND Interbase 7 ] Database Remote Database Name Overflow", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0027.html"}, {"name": "interbase-database-name-bo(16316)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16316"}, {"name": "10446", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10446"}, {"name": "http://www.securiteam.com/unixfocus/5AP0P0UCUO.html", "refsource": "MISC", "url": "http://www.securiteam.com/unixfocus/5AP0P0UCUO.html"}, {"name": "1010381", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1010381"}, {"name": "6408", "refsource": "OSVDB", "url": "http://www.osvdb.org/6408"}, {"name": "11756", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11756"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:15:01.209Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-1014", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-1014"}, {"name": "firebird-database-name-bo(16229)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16229"}, {"name": "19350", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19350"}, {"name": "20040601 Firebird Database Remote Database Name Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=108611386202493&w=2"}, {"name": "6624", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/6624"}, {"name": "20040602 Firebird [ AND Interbase 7 ] Database Remote Database Name Overflow", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0027.html"}, {"name": "interbase-database-name-bo(16316)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16316"}, {"name": "10446", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/10446"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.securiteam.com/unixfocus/5AP0P0UCUO.html"}, {"name": "1010381", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1010381"}, {"name": "6408", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/6408"}, {"name": "11756", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/11756"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2043", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:15:01.209Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:borland_software:interbase:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E61E2866-38F1-45C0-8B5D-A07CA430BDDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:borland_software:interbase:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D2666FC-B03C-47A5-BA04-A08DC28C7C73", "vulnerable": true}, {"criteria": "cpe:2.3:a:borland_software:interbase:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "5FE98699-E21E-4D1C-BD43-F7F62D9AE7BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:borland_software:interbase:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "42F1460E-CA94-4D7D-9799-F763221DBF4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:borland_software:interbase:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "9547CEC2-B180-4BFF-A5FF-DE8D2ABB8986", "vulnerable": true}, {"criteria": "cpe:2.3:a:borland_software:interbase:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "D724271B-3747-4C65-BC90-D0F7B89F996B", "vulnerable": true}, {"criteria": "cpe:2.3:a:borland_software:interbase:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B705544-E282-4791-B4F9-0865D57E2747", "vulnerable": true}, {"criteria": "cpe:2.3:a:borland_software:interbase_superserver:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1DB0894E-F477-45F1-902B-D87C4E2291BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:firebirdsql:firebird:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "78A133F6-268F-4765-98E9-A910FC9F4926", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command."}], "id": "CVE-2004-2043", "lastModified": "2017-07-11T01:31:34.857", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-05-01T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0027.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=108611386202493&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/11756"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/19350"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1010381"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1014"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.osvdb.org/6408"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/6624"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securiteam.com/unixfocus/5AP0P0UCUO.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/10446"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16229"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16316"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}