CVE-2013-2492 - OpenCVE

Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Firebirdsql	Firebird
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:firebirdsql:firebird:2.1.3:::::::*
	cpe:2.3:a:firebirdsql:firebird:2.1.4:::::::*
	cpe:2.3:a:firebirdsql:firebird:2.1.5:::::::*
	cpe:2.3:a:firebirdsql:firebird:2.5.1:::::::*
	cpe:2.3:a:firebirdsql:firebird:2.5.2:::::::*
	cpe:2.3:a:firebirdsql:firebird:2.5.3:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00039.html
http://tracker.firebirdsql.org/browse/CORE-4058
http://www.debian.org/security/2013/dsa-2647
http://www.debian.org/security/2013/dsa-2648
http://www.securityfocus.com/bid/58393
https://gist.github.com/zeroSteiner/85daef257831d904479c
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb
https://security.gentoo.org/glsa/201512-11

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-03-15T14:00:00

Updated: 2024-08-06T15:36:46.823Z

Reserved: 2013-03-06T00:00:00

Link: CVE-2013-2492

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-03-15T22:55:01.003

Modified: 2016-12-07T03:00:13.430

Link: CVE-2013-2492

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-03-08T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-05T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-201512-11", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201512-11"}, {"tags": ["x_refsource_MISC"], "url": "https://gist.github.com/zeroSteiner/85daef257831d904479c"}, {"name": "openSUSE-SU-2013:0496", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00036.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb"}, {"name": "58393", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/58393"}, {"name": "DSA-2648", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2648"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tracker.firebirdsql.org/browse/CORE-4058"}, {"name": "openSUSE-SU-2013:0504", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00039.html"}, {"name": "DSA-2647", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2647"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2492", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201512-11", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201512-11"}, {"name": "https://gist.github.com/zeroSteiner/85daef257831d904479c", "refsource": "MISC", "url": "https://gist.github.com/zeroSteiner/85daef257831d904479c"}, {"name": "openSUSE-SU-2013:0496", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00036.html"}, {"name": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb", "refsource": "MISC", "url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb"}, {"name": "58393", "refsource": "BID", "url": "http://www.securityfocus.com/bid/58393"}, {"name": "DSA-2648", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2648"}, {"name": "http://tracker.firebirdsql.org/browse/CORE-4058", "refsource": "CONFIRM", "url": "http://tracker.firebirdsql.org/browse/CORE-4058"}, {"name": "openSUSE-SU-2013:0504", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00039.html"}, {"name": "DSA-2647", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2647"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:36:46.823Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201512-11", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201512-11"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gist.github.com/zeroSteiner/85daef257831d904479c"}, {"name": "openSUSE-SU-2013:0496", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00036.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb"}, {"name": "58393", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/58393"}, {"name": "DSA-2648", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2648"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tracker.firebirdsql.org/browse/CORE-4058"}, {"name": "openSUSE-SU-2013:0504", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00039.html"}, {"name": "DSA-2647", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2647"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2492", "datePublished": "2013-03-15T14:00:00", "dateReserved": "2013-03-06T00:00:00", "dateUpdated": "2024-08-06T15:36:46.823Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:firebirdsql:firebird:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4826EB91-07FB-4D0A-B4B6-1355903C0F26", "vulnerable": true}, {"criteria": "cpe:2.3:a:firebirdsql:firebird:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "7BC2C727-E1AD-4818-9530-3448162EFD1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:firebirdsql:firebird:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "90F5B6FC-7D83-4353-A88B-70281BB9C47C", "vulnerable": true}, {"criteria": "cpe:2.3:a:firebirdsql:firebird:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "861024DD-2FF9-47BF-A553-ED8247BE774D", "vulnerable": true}, {"criteria": "cpe:2.3:a:firebirdsql:firebird:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BD46C7F4-6551-48E7-9CF1-B1FB5F11F01F", "vulnerable": true}, {"criteria": "cpe:2.3:a:firebirdsql:firebird:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "FD10CD46-ABDE-495A-91DE-AC028FD8927F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en Firebird v2.1.3 hasta v2.1.5 anterior a 18514, y v2.5.1 hasta v2.5.3 anterior a 26623, en Windows permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de paquetes manipulados por el puerto TCP 3050, en relaci\u00f3n con una comprobaci\u00f3n de tama\u00f1o perdido durante la extracci\u00f3n de un n\u00famero de grupo de informaci\u00f3n CNCT."}], "id": "CVE-2013-2492", "lastModified": "2016-12-07T03:00:13.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-03-15T22:55:01.003", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00036.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00039.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://tracker.firebirdsql.org/browse/CORE-4058"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2013/dsa-2647"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2013/dsa-2648"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/58393"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://gist.github.com/zeroSteiner/85daef257831d904479c"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201512-11"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}