Re: [Firebird-devel] Minor vulnerabilities

[Alex P. <pes...@ma...>]

On Monday 14 May 2007 02:10, Adriano dos Santos Fernandes wrote:
> Vlad Horsun wrote:
> >     Look at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2606
> >
> >     They found "many BOF's in config\ConfigFile.cpp and in
> > msgs\check_msgs.epp"
> >
> >     First file used by INTL module to parse fbintl.conf at first
> > attachment made after server start. It was taken from Vulcan - it is all
> > i can say about it ;)
> >
> >     I don't think it can be used to attack firebird but code must be
> > corrected, imho
>
> I don't see the BO reading the alert and the code.

for example:
JString ConfigFile::expand(JString rawString)
{
    char temp [1024];

And nobody checks for temp overflow later.