CVE-2007-2606

Description

Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/34201

http://www.securityfocus.com/bid/28478

http://www.securityfocus.com/archive/1/468070/100/0/threaded

http://www.debian.org/security/2008/dsa-1529

http://securityreason.com/securityalert/2708

http://secunia.com/advisories/29501

http://osvdb.org/37309

http://osvdb.org/37308

Details

Source: Mitre, NVD

Published: 2007-05-11

Updated: 2018-10-16

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High