[Secure-testing-team] Bug#539477: CVE-2009-2620: denial of service (daemon crash) via a malformed op_connect_request message

Giuseppe Iuculano giuseppe at iuculano.it
Sat Aug 1 09:23:05 UTC 2009


Package: firebird2.0
Severity: serious
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for firebird2.0.

CVE-2009-2620[0]:
| src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before
| 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2
| allows remote attackers to cause a denial of service (daemon crash)
| via a malformed op_connect_request message that triggers an infinite
| loop or NULL pointer dereference.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2620
    http://security-tracker.debian.net/tracker/CVE-2009-2620
    http://www.coresecurity.com/content/firebird-sql-dos
    Patch: http://firebird.cvs.sourceforge.net/viewvc/firebird/firebird2/src/remote/server.cpp?r1=1.158.2.6&r2=1.158.2.7&view=patch

Cheers,
Giuseppe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkp0CXYACgkQNxpp46476aq0nACghSwTW+uL7r8asdjToTCuYJfw
XH8An31ZNMQ8v74NFEh6ErSrP1GHz/my
=INoS
-----END PGP SIGNATURE-----





More information about the Secure-testing-team mailing list