Debian DSA-1529-1 : firebird -- multiple vulnerabilities

Critical Nessus Plugin ID 38955

Synopsis

The remote Debian host is missing a security-related update.

Description

Multiple security problems have been discovered in the Firebird database, which may lead to the execution of arbitrary code or denial of service.

This Debian security advisory is a bit unusual. While it\'s normally our strict policy to backport security bugfixes to older releases, this turned out to be infeasible for Firebird 1.5 due to large infrastructural changes necessary to fix these issues. As a consequence security support for Firebird 1.5 is hereby discontinued.

Solution

Upgrade to the firebird2.0 packages available at backports.org. Version 2.0.3.12981.ds1-6~bpo40+1 fixes all known issues.

See Also

http://www.debian.org/security/2008/dsa-1529

Plugin Details

Severity: Critical

ID: 38955

File Name: debian_DSA-1529.nasl

Version: Revision: 1.13

Type: local

Agent: unix

Published: 2008/03/28

Updated: 2016/12/06

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:debian:debian_linux

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/03/24

Exploitable With

Core Impact

Reference Information

CVE: CVE-2006-7211, CVE-2006-7212, CVE-2006-7213, CVE-2006-7214, CVE-2007-2606, CVE-2007-3181, CVE-2007-3527, CVE-2007-4664, CVE-2007-4665, CVE-2007-4666, CVE-2007-4667, CVE-2007-4668, CVE-2007-4669, CVE-2008-0387, CVE-2008-0467

DSA: 1529

CWE: 20, 119, 189, 200, 264