CVE-2007-4668

Published: Sep 4, 2007Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312.

Affected (1)

Products: Firebirdsql: Firebird

Firebirdsql

1 product

Firebird

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Firebirdsql Firebird	Up to 2.0.1

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-264

References (16)

http://secunia.com/advisories/29501

Source: cve@mitre.org

http://sourceforge.net/project/shownotes.php?release_id=535898

Source: cve@mitre.org

Patch

http://tracker.firebirdsql.org/browse/CORE-1312

Source: cve@mitre.org

http://www.debian.org/security/2008/dsa-1529

Source: cve@mitre.org

http://www.firebirdsql.org/index.php?op=files&id=engine_202

Source: cve@mitre.org

http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf

Source: cve@mitre.org

http://www.securityfocus.com/bid/25497

Source: cve@mitre.org

Patch

http://www.vupen.com/english/advisories/2007/3021

Source: cve@mitre.org

http://secunia.com/advisories/29501