Upstream information

CVE-2013-2492 at MITRE

Description

Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.82
Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entry: 808268 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • firebird >= 2.5.2.26539-2.5.1
  • firebird-32bit >= 2.5.2.26539-2.5.1
  • firebird-classic >= 2.5.2.26539-2.5.1
  • firebird-classic-debuginfo >= 2.5.2.26539-2.5.1
  • firebird-classic-debugsource >= 2.5.2.26539-2.5.1
  • firebird-debuginfo >= 2.5.2.26539-2.5.1
  • firebird-debuginfo-32bit >= 2.5.2.26539-2.5.1
  • firebird-debugsource >= 2.5.2.26539-2.5.1
  • firebird-devel >= 2.5.2.26539-2.5.1
  • firebird-doc >= 2.5.2.26539-2.5.1
  • firebird-superserver >= 2.5.2.26539-2.5.1
  • firebird-superserver-debuginfo >= 2.5.2.26539-2.5.1
  • libfbclient2 >= 2.5.2.26539-2.5.1
  • libfbclient2-32bit >= 2.5.2.26539-2.5.1
  • libfbclient2-debuginfo >= 2.5.2.26539-2.5.1
  • libfbclient2-debuginfo-32bit >= 2.5.2.26539-2.5.1
  • libfbclient2-devel >= 2.5.2.26539-2.5.1
  • libfbembed-devel >= 2.5.2.26539-2.5.1
  • libfbembed2_5 >= 2.5.2.26539-2.5.1
  • libfbembed2_5-debuginfo >= 2.5.2.26539-2.5.1
Patchnames:
openSUSE-2013-222
openSUSE Evergreen 11.4
  • firebird >= 2.1.3.18185.0-16.1
  • firebird-classic >= 2.1.3.18185.0-16.1
  • firebird-classic-debuginfo >= 2.1.3.18185.0-16.1
  • firebird-debuginfo >= 2.1.3.18185.0-16.1
  • firebird-debugsource >= 2.1.3.18185.0-16.1
  • firebird-devel >= 2.1.3.18185.0-16.1
  • firebird-devel-debuginfo >= 2.1.3.18185.0-16.1
  • firebird-doc >= 2.1.3.18185.0-16.1
  • firebird-filesystem >= 2.1.3.18185.0-16.1
  • firebird-superserver >= 2.1.3.18185.0-16.1
  • firebird-superserver-debuginfo >= 2.1.3.18185.0-16.1
  • libfbclient2 >= 2.1.3.18185.0-16.1
  • libfbclient2-debuginfo >= 2.1.3.18185.0-16.1
  • libfbembed2 >= 2.1.3.18185.0-16.1
  • libfbembed2-debuginfo >= 2.1.3.18185.0-16.1
Patchnames:
2013-43