Apple

Notified:  January 09, 2001 Updated: January 10, 2001

Status

  Not Vulnerable

Vendor Statement

The referenced database package is not packaged with Mac OS X or Mac OS X Server.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Borland

Notified:  December 23, 2000 Updated: January 11, 2001

Status

  Vulnerable

Vendor Statement

Please see: http://www.borland.com/interbase/downloads/patches.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Fujitsu

Notified:  January 09, 2001 Updated: January 10, 2001

Status

  Not Vulnerable

Vendor Statement

Fujitsu's UXP/V operating system is not affected by this problem because we don't support the relevant database.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

IBPhoenix

Notified:  December 26, 2001 Updated: January 10, 2001

Status

  Vulnerable

Vendor Statement

The Firebird project uncovered serious security problems with InterBase. The problems are fixed in Firebird build 0.9.4 for all platforms. If you are running either InterBase V6 or Firebird 0.9.3, you should upgrade to Firebird 0.9.4. These security holes affect all version of InterBase shipped since 1994, on all platforms. For those who can not upgrade, Jim Starkey developed a patch program that will correct the more serious problems in any version of InterBase on any platform. IBPhoenix chose to release the program without charge, given the nature of the problem and our relationship to the community. At the moment, name service is not set up to the machine that is hosting the patch, so you will have to use the IP number both for the initial contact and for the ftp download. To start, point your browser at http://64.55.62.15/. In the download instructions you receive, replace the (relatively) intelligible string "firebird.ibphoenix.com" with 64.55.62.15.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.