Issue Details (XML | Word | Printable)

Key: CORE-1681
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Critical Critical
Assignee: Dmitry Yemanov
Reporter: Dmitry Yemanov
Votes: 0
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
Firebird Core

Garbage data in the incoming remote packet may crash the server

Created: 09/Jan/08 04:30 AM   Updated: 20/Aug/16 05:53 PM
Component/s: None
Affects Version/s: 1.0.3, 2.0.0, 1.5.4, 2.0.1, 2.0.2, 2.0.3, 2.1 Beta 2, 1.5.5
Fix Version/s: 2.1 RC1, 2.0.4, 1.5.6

Environment: ANY

QA Status: Cannot be tested


 Description  « Hide
If some kinds of remote packets contain wrong (garbage) data, it may cause an invalid memory access inside the server, forcing a crash. Reported by Core Security Labs, the disclosure is published here: http://www.coresecurity.com/?action=item&id=2095

 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Dmitry Yemanov made changes - 09/Jan/08 05:10 AM
Field Original Value New Value
Fix Version/s 2.0.4 [ 10211 ]
Fix Version/s 1.5.6 [ 10225 ]
Repository Revision Date User Message
Firebird #31478 Wed Jan 09 09:44:34 UTC 2008 dimitr Fixed CORE-1681.
Files Changed
MODIFY /firebird/branches/B2_0_Release/src/remote/protocol.cpp
MODIFY /firebird/branches/B2_0_Release/src/remote/server.cpp

Repository Revision Date User Message
Firebird #31480 Wed Jan 09 09:53:01 UTC 2008 dimitr Fixed CORE-1681. Includes backporting of some array bound checks from v2.x.
Files Changed
MODIFY /firebird/branches/B1_5_Release/src/remote/server.cpp
MODIFY /firebird/branches/B1_5_Release/src/remote/protocol.cpp

Repository Revision Date User Message
Firebird #31486 Wed Jan 09 10:20:57 UTC 2008 dimitr Fixed CORE-1681.
Files Changed
MODIFY /firebird/trunk/src/remote/server.cpp
MODIFY /firebird/trunk/src/remote/protocol.cpp

Dmitry Yemanov made changes - 10/Jan/08 01:30 AM
Fix Version/s 2.1 RC1 [ 10201 ]
Resolution Fixed [ 1 ]
Status Open [ 1 ] Resolved [ 5 ]
Dmitry Yemanov made changes - 10/Jan/08 01:33 AM
Description If some kinds of remote packets contain wrong (garbage) data, it may cause an invalid memory access inside the server, forcing a crash. If some kinds of remote packets contain wrong (garbage) data, it may cause an invalid memory access inside the server, forcing a crash. Reported by Core Security Labs.
Dmitry Yemanov made changes - 10/Jan/08 01:35 AM
Attachment CORE-2007-1219-firebird-advisory.pdf [ 10742 ]
Dmitry Yemanov made changes - 10/Jan/08 01:41 AM
Attachment CORE-2007-1219-firebird-advisory.pdf [ 10742 ]
Dmitry Yemanov made changes - 28/Jan/08 12:51 PM
Description If some kinds of remote packets contain wrong (garbage) data, it may cause an invalid memory access inside the server, forcing a crash. Reported by Core Security Labs. If some kinds of remote packets contain wrong (garbage) data, it may cause an invalid memory access inside the server, forcing a crash. Reported by Core Security Labs, the disclosure is published here: http://www.coresecurity.com/?action=item&id=2095
Pavel Cisar made changes - 28/Jan/08 01:17 PM
Workflow jira [ 13806 ] Firebird [ 14118 ]
Pavel Cisar made changes - 18/Nov/08 01:12 PM
Status Resolved [ 5 ] Closed [ 6 ]
Pavel Zotov made changes - 19/Jan/16 05:01 AM
QA Status No test
Pavel Zotov made changes - 20/Aug/16 05:53 PM
Status Closed [ 6 ] Closed [ 6 ]
QA Status No test Cannot be tested