CVE-2007-4668

Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://tracker.firebirdsql.org/browse/CORE-1312
http://sourceforge.net/project/shownotes.php?release_id=535898	Patch
http://www.firebirdsql.org/index.php?op=files&id=engine_202
http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf
http://www.securityfocus.com/bid/25497	Patch
http://www.debian.org/security/2008/dsa-1529
http://secunia.com/advisories/29501
http://www.vupen.com/english/advisories/2007/3021

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*

Information

Published : 2007-09-04 15:17

Updated : 2011-03-07 18:58

NVD link : CVE-2007-4668

Mitre link : CVE-2007-4668

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

Products Affected

firebirdsql

firebird

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://tracker.firebirdsql.org/browse/CORE-1312", "name": "http://tracker.firebirdsql.org/browse/CORE-1312", "tags": [], "refsource": "MISC"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=535898", "name": "http://sourceforge.net/project/shownotes.php?release_id=535898", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.firebirdsql.org/index.php?op=files&id=engine_202", "name": "http://www.firebirdsql.org/index.php?op=files&id=engine_202", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf", "name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/25497", "name": "25497", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://www.debian.org/security/2008/dsa-1529", "name": "DSA-1529", "tags": [], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/29501", "name": "29501", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2007/3021", "name": "ADV-2007-3021", "tags": [], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other \"file access,\" via unknown vectors, aka CORE-1312."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}, {"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-4668", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-09-04T22:17Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.0.1"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-03-08T02:58Z"}