Issue Details (XML | Word | Printable)

Key: CORE-2563
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Critical Critical
Assignee: Dmitry Yemanov
Reporter: Dmitry Yemanov
Votes: 0
Watchers: 2
Operations

If you were logged in you would be able to see more operations.
Firebird Core

Possible DoS attack using the malformed packet sent into the connection port

Created: 20/Jul/09 07:31 AM   Updated: 08/Nov/09 10:25 PM
Component/s: Engine
Affects Version/s: 2.0.0, 1.5.4, 2.0.1, 2.0.2, 2.0.3, 1.5.5, 2.1.0, 2.0.4, 2.5 Alpha 1, 2.1.1, 2.0.5, 2.1.2, 2.5 Beta 1
Fix Version/s: 2.5 Beta 2, 2.1.3, 1.5.6, 2.0.6

Time Tracking:
Not Specified

Environment: SuperServer only, any platform

Planning Status: Unspecified


 Description  « Hide
It's possible to shutdown the server's main port (3050 by default) via sending a malformed packet of some special format, thus causing a DoS condition for new incoming connections. This exploit can be used by an unauthenticated client. Reported 15-Jul-2009 by Core Security Technologies.

 All   Comments   Work Log   Change History   Version Control      Sort Order: Ascending order - Click to sort in descending order
The cvs commits can not be displayed for repository Firebird at the moment since the log has not yet been parsed. The log will be parsed the next time the VcsService runs. If you have administrators privileges you can hasten the next time the service will run in the service section of the Administration pages.

Powered by a free Atlassian JIRA open source license for Firebird (RDBMS). Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.5-#360) - Bug/feature request - Atlassian news - Contact Administrators