relational databases
Firebird Relational Database Multiple Buffer Overflow Vulnerabilities
http://risesecurity.org/advisory/RISE-2007003/
Published: October 3, 2007
Updated: October 3, 2007
3. *Vulnerability Description*
SolidDB is an in-memory relational database from IBM with over 3,000,000
deployments [1]. It is used as an embedded database by independent
software vendors of enterprise applications, telecommunications and
embedded software and systems. IBM reports SolidDB as being used in
mission-critical applications from Cisco, HP, Alcatel and Nokia Siemens.
The in-memory database is also used as a core component of IBM SolidDB
Debian-specific: no
CVE Id(s) : CVE-2008-3963 CVE-2008-4456
Debian Bug : 498362
Multiple vulnerabilities have been identified affecting MySQL, a
relational database server, and its associated interactive client
application. The Common Vulnerabilities and Exposures project
identifies the following two problems:
CVE-2008-3963
without verifying credentials.
Background
==========
Firebird is a multi-platform, open source relational database.
Affected packages
=================
-------------------------------------------------------------------
#######################################################################
Luigi Auriemma
Application: IBM solidDB
http://www.solidtech.com/en/products/relationaldatabasemanagementsoftware/embed.asp
Versions: <= 06.00.1018
Platforms: Windows (tested), Solaris, AIX, HP-UX and Linux
Bugs: A] format string in logging function
B] crash caused by arbitrary array index
C] NULL pointer
Multiple stack-based buffer overflows were discovered in Firebird.
Background
==========
Firebird is a multi-platform, open source relational database.
Affected packages
=================
-------------------------------------------------------------------
sending carefully crafted data to the Server.
Description:
==========
IBM DB2 is a large-scale business relational database system oriented to E-commerce,
business information, content management, customer relation management and
other applications. IBM DB2 operates on AIX, HP-UX, Linux, Solaris and Windows.
There exists a vulnerability in function jdbcReadString() of IBM DB2 JDBC
Applet Server. When converting UNICODE to ANSI string, the function uses the
*Technical Description / Proof of Concept Code*
The CitectSCADA and CitectFacilities applications include ODBC server
capabilities to provide remote SQL access to a relational database. The
ODBC Server component listens on port 20222/tcp by default to service
requests from clients on TCP/IP networks. The application layer protocol
used over TCP reads an initial packet of 4 bytes that specifies the
length of data that follows in the next packet. A second packet of that
length with a 5-byte fixed header is then read from the same TCP socket.
ITDEFENCE.ru
Firebird is a relational database offering many ANSI SQL-92 features that runs on Linux, Windows, and a variety of Unix platforms.
<?php
/**
* FIREBIRD REMOTE BUFFER OVERFLOW.
* ITDEFENCE.ru Proof-of-Concept (POC)
* Eugene Minaev (underwater@itdefence.ru)
arbitrary code.
Background
==========
Firebird is a multi-platform, open source relational database.
Affected packages
=================
-------------------------------------------------------------------
Bugtraq ID: 27403
CVE Name: CVE-2008-0387
*Vulnerability Description*
Firebird [1][2] is a relational database that runs on Linux, Windows,
and a variety of Unix platforms. The Firebird Project is a commercially
independent project of C and C++ programmers, technical advisors and
supporters developing and enhancing a multi-platform relational database
management system based on the source code released by Inprise Corp (now
known as Borland Software Corp) on 25 July, 2000.