CVE-2007-5246

Name of the Vulnerable Software and Affected Versions: Firebird LI versions 2.0.0.12748 through 2.0.1.12855 Firebird WI versions 2.0.0.12748 through 2.0.1.12855

Description: The issue allows remote attackers to execute arbitrary code via a long attach request on TCP port 3050 to the isc attach database function or a long create request on TCP port 3050 to the isc create database function. This is due to multiple stack-based buffer overflows.

Recommendations: For Firebird LI versions 2.0.0.12748 through 2.0.1.12855, consider restricting access to TCP port 3050 until a patch is available. For Firebird WI versions 2.0.0.12748 through 2.0.1.12855, consider restricting access to TCP port 3050 until a patch is available. As a temporary workaround, consider disabling the isc attach database and isc create database functions until a patch is available.