CVE-2007-2606 - OpenCVE

Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Firebirdsql	Firebird

Configuration 1 [-]

cpe:2.3:a:firebirdsql:firebird:2.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/37308
http://osvdb.org/37309
http://secunia.com/advisories/29501
http://securityreason.com/securityalert/2708
http://www.debian.org/security/2008/dsa-1529
http://www.securityfocus.com/archive/1/468070/100/0/threaded
http://www.securityfocus.com/bid/28478
https://exchange.xforce.ibmcloud.com/vulnerabilities/34201

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-05-11T10:00:00

Updated: 2024-08-07T13:42:33.412Z

Reserved: 2007-05-11T00:00:00

Link: CVE-2007-2606

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-05-11T10:19:00.000

Modified: 2018-10-16T16:44:43.713

Link: CVE-2007-2606

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-09T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\\ConfigFile.cpp or (2) msgs\\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "37309", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37309"}, {"name": "firebird-configfile-checkmsgs-bo(34201)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34201"}, {"name": "20070509 Multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/468070/100/0/threaded"}, {"name": "28478", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28478"}, {"name": "37308", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37308"}, {"name": "2708", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2708"}, {"name": "29501", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29501"}, {"name": "DSA-1529", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1529"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2606", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\\ConfigFile.cpp or (2) msgs\\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "37309", "refsource": "OSVDB", "url": "http://osvdb.org/37309"}, {"name": "firebird-configfile-checkmsgs-bo(34201)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34201"}, {"name": "20070509 Multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/468070/100/0/threaded"}, {"name": "28478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28478"}, {"name": "37308", "refsource": "OSVDB", "url": "http://osvdb.org/37308"}, {"name": "2708", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2708"}, {"name": "29501", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29501"}, {"name": "DSA-1529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1529"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:42:33.412Z"}, "title": "CVE Program Container", "references": [{"name": "37309", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37309"}, {"name": "firebird-configfile-checkmsgs-bo(34201)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34201"}, {"name": "20070509 Multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/468070/100/0/threaded"}, {"name": "28478", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28478"}, {"name": "37308", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37308"}, {"name": "2708", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2708"}, {"name": "29501", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29501"}, {"name": "DSA-1529", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1529"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2606", "datePublished": "2007-05-11T10:00:00", "dateReserved": "2007-05-11T00:00:00", "dateUpdated": "2024-08-07T13:42:33.412Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:firebirdsql:firebird:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A9590F0-2E23-4485-93FE-528B346E26CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\\ConfigFile.cpp or (2) msgs\\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en Firebird 2.1 permite a atacantes remotos disparar una corrupci\u00f3n de memoria y posiblemente tener otro impacto no especificado mediante determinadas entradas procesadas por (1) config\\ConfigFile.cpp o (2) msgs\\check_msgs.epp. NOTA: si ConfigFile.cpp lee un fichero de configuraci\u00f3n con permisos restrictivos, entonces el vector ConfigFile.cpp puede no cruzar l\u00edmites de privilegios y quiz\u00e1s no deber\u00eda ser incluido en CVE."}], "id": "CVE-2007-2606", "lastModified": "2018-10-16T16:44:43.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-05-11T10:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/37308"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37309"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29501"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2708"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1529"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/468070/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28478"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34201"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}