
Key: CORE-2928
Type: Bug
Status: Closed
Resolution: Fixed
Priority: Minor
Assignee: Alexander Peshkov
Reporter: Alexander Peshkov
Votes: 0
Watchers: 0
Firebird Core

Buffer overflow in gsec

Created: 17/Mar/10 09:52 AM   Updated: 04/Feb/11 11:59 AM
Component/s: GSEC
Affects Version/s: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.1.0, 2.0.4, 2.5 Alpha 1, 2.1.1, 2.0.5, 2.1.2, 2.5 Beta 1, 2.5 Beta 2, 2.1.3, 2.5 RC1, 2.5 RC2
Fix Version/s: 2.0.6, 2.5 RC3, 2.1.4, 3.0 Alpha 1

Time Tracking:
Not Specified

Planning Status: Unspecified


Description
For unknown reasons, gsec code copies the value of the password hash to the internal user data structure during the display operation. Since Fb2.0 (when the hash became much longer than in 1.X), the password buffer used for it is not long enough. This is not a security problem, because the hash value never travels anywhere any more. This also can't cause any harm, because right after the password field there are the first, middle and last names, which are filled in right after the password. This is not exploitable. But anyway, it's better to fix it, especially taking into account that this BOF is detected by fresh versions of glibc.

There are no comments yet on this issue.
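
The bug class the description reports, a fixed-size password field followed directly by the name fields and receiving a hash longer than the field, is sketched below with a bounded copy in place of an unbounded one. This is an added example, not gsec's code or the committed fix: the struct layout, field sizes, function names and sample hash are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sizes, not Firebird's: the password field is sized for a
   short legacy hash and the name fields follow it directly. */
#define OLD_HASH_LEN 16
#define NAME_LEN     32

struct user_record {                      /* hypothetical layout */
    char password[OLD_HASH_LEN + 1];
    char first_name[NAME_LEN + 1];
    char middle_name[NAME_LEN + 1];
    char last_name[NAME_LEN + 1];
};

/* Bounded copy: always NUL-terminates and never writes past dst_size.
   Returns 0 if src fit entirely, 1 otherwise. */
static int copy_field(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return 1;
    size_t n = strlen(src);
    int truncated = n >= dst_size;
    if (truncated)
        n = dst_size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}

/* Display path. An unbounded strcpy(rec->password, hash) here would run
   into first_name as soon as the hash outgrows the field. Returns the
   number of values that did not fit their field. */
static int fill_for_display(struct user_record *rec, const char *hash,
                            const char *first, const char *middle,
                            const char *last)
{
    memset(rec, 0, sizeof *rec);
    return copy_field(rec->password, sizeof rec->password, hash)
         + copy_field(rec->first_name, sizeof rec->first_name, first)
         + copy_field(rec->middle_name, sizeof rec->middle_name, middle)
         + copy_field(rec->last_name, sizeof rec->last_name, last);
}

int main(void)
{
    struct user_record rec;
    const char *hash = "CONSTRUCTED-LONG-HASH-VALUE-0123456789"; /* sample */
    int cut = fill_for_display(&rec, hash, "Alice", "B", "Carol");
    printf("truncated fields: %d, first_name: %s\n", cut, rec.first_name);
    return 0;
}
```
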