Issue Details (XML | Word | Printable)

Key: CORE-2563
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Critical Critical
Assignee: Dmitry Yemanov
Reporter: Dmitry Yemanov
Votes: 0
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
Firebird Core

Possible DoS attack using the malformed packet sent into the connection port

Created: 20/Jul/09 07:31 AM   Updated: 08/Nov/09 10:25 PM
Component/s: Engine
Affects Version/s: 2.0.0, 1.5.4, 2.0.1, 2.0.2, 2.0.3, 1.5.5, 2.1.0, 2.0.4, 2.5 Alpha 1, 2.1.1, 2.0.5, 2.1.2, 2.5 Beta 1
Fix Version/s: 2.5 Beta 2, 2.1.3, 1.5.6, 2.0.6

Time Tracking:
Not Specified

Environment: SuperServer only, any platform

Planning Status: Unspecified


 Description  « Hide
It's possible to shutdown the server's main port (3050 by default) via sending a malformed packet of some special format, thus causing a DoS condition for new incoming connections. This exploit can be used by an unauthenticated client. Reported 15-Jul-2009 by Core Security Technologies.

 All   Comments   Work Log   Change History   Version Control   FishEye      Sort Order: Ascending order - Click to sort in descending order
There are no comments yet on this issue.

Powered by a free Atlassian JIRA open source license for Firebird (RDBMS). Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.5-#360) - Bug/feature request - Atlassian news - Contact Administrators