CVE-2007-3181

Severity

99%

Complexity

99%

Confidentiality

165%

Failed exploit attempts will likely cause a denial of service on the server.

Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll."

Failed exploit attempts will likely cause a denial of service on the server.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 17 years ago

2007-06-12 23:30:00

Last updated 7 years ago

2017-07-29 01:32:00

Affected Software

Firebird Firebird

References

http://dvlabs.tippingpoint.com/advisory/TPTI-07-11

Vendor Advisory

37231

25601

Patch, Vendor Advisory

25872

29501

GLSA-200707-01

DSA-1529

http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf

24436

Exploit, Patch

ADV-2007-2149

firebird-fbserver-bo(34833)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.