[Secure-testing-team] Bug#539477: CVE-2009-2620: denial of service (daemon crash) via a malformed op_connect_request message
Giuseppe Iuculano
giuseppe at iuculano.it
Sat Aug 1 09:23:05 UTC 2009
Package: firebird2.0
Severity: serious
Tags: security patch
Hi,

the following CVE (Common Vulnerabilities & Exposures) id was
published for firebird2.0.

CVE-2009-2620[0]:
| src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before
| 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2
| allows remote attackers to cause a denial of service (daemon crash)
| via a malformed op_connect_request message that triggers an infinite
| loop or NULL pointer dereference.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2620
    http://security-tracker.debian.net/tracker/CVE-2009-2620
    http://www.coresecurity.com/content/firebird-sql-dos

Patch: http://firebird.cvs.sourceforge.net/viewvc/firebird/firebird2/src/remote/server.cpp?r1=1.158.2.6&r2=1.158.2.7&view=patch

Cheers,
Giuseppe.