Published: 15/03/2013 Updated: 07/12/2016

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Stack-based buffer overflow in Firebird 2.1.3 up to and including 2.1.5 prior to 18514, and 2.5.1 up to and including 2.5.3 prior to 26623, on Windows allows remote malicious users to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
firebirdsql firebird 2.1.3
firebirdsql firebird 2.1.4
firebirdsql firebird 2.1.5
firebirdsql firebird 2.5.1
firebirdsql firebird 2.5.2
firebirdsql firebird 2.5.3

Debian Bug report logs - #693210 server crash on prearing an empty query with tracing enabled Package: src:firebird25; Maintainer for src:firebird25 is Debian Firebird Group <pkg-firebird-general@listsaliothdebianorg>; Reported by: Damyan Ivanov <dmn@debianorg> Date: Wed, 14 Nov 2012 09:39:01 UTC Severity: impo ...

Debian Bug report logs - #702735 firebird21: CVE-2013-2492: Request Processing Buffer Overflow Vulnerability Package: src:firebird21; Maintainer for src:firebird21 is (unknown); Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 10 Mar 2013 21:15:01 UTC Severity: grave Tags: patch, security Fixed in versi ...

A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code For the stable distribution (squeeze), this problem has been fixed in version 21318185-0ds1-11+squeeze1 For the testing distribution (wheezy), firebird21 will be removed in favour of firebird25 For the unstable distributi ...

A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code In addition, a denial of service vulnerability was discovered in the TraceManager For the stable distribution (squeeze), these problems have been fixed in version 25026054~ReleaseCandidate3ds2-1+squeeze1 For the testing dis ...

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp def initialize super( 'Name' => 'Firebird Relational Datab ...

CWE-119 http://tracker.firebirdsql.org/browse/CORE-4058 https://gist.github.com/zeroSteiner/85daef257831d904479c https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00036.html http://www.debian.org/security/2013/dsa-2647 http://www.debian.org/security/2013/dsa-2648 http://www.securityfocus.com/bid/58393 https://security.gentoo.org/glsa/201512-11 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693210 https://www.exploit-db.com/exploits/41709/https://www.debian.org/security/./dsa-2647

CVE-2013-2492

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect