Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-1240 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Firebird

4 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

0.3%

top 44.03%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Firebirdsql Firebird

Timeline

PublishedMar 15

Latest updateMay 1

Description

Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) fbserver in Firebird 1.5.2.4731 allows local users to gain privileges via a long value of the -p argument.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDfirebirdsql/firebird1.5, 1.5.1, 1.5.2+2

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-233p-fww7-3x94: Buffer overflow in inet_server↗2022-05-01

▶

CVEList

CVE-2006-1240: Buffer overflow in inet_server↗2006-03-15

▶

💥Exploits & PoCs

Exploit-DB

Firebird 1.5 - Inet_Server Local Buffer Overflow↗2006-03-13

▶