Segfault in server caused by malformed network packet CVE-2014-9323 [CORE4630] #4944
Comments
Modified by: @AlexPeshkoff assignee: Alexander Peshkov [ alexpeshkoff ]
Commented by: @AlexPeshkoff Test program causing server to die.
Modified by: @AlexPeshkoff Attachment: crash.cpp [ 12642 ]
Modified by: @AlexPeshkoff
Modified by: @dyemanov reporter: Alexander Peshkov [ alexpeshkoff ] => Kovalenko Dmitry [ _dima_k_ ]
Modified by: @dyemanov Version: 3.0 Beta 1 [ 10332 ] Version: 3.0 Alpha 2 [ 10560 ] Version: 3.0 Alpha 1 [ 10331 ] summary: Segfault in server caused by bad packet => Segfault in server caused by malformed network packet
Commented by: @AlexPeshkoff Added checks for both status vector overflow and presence
Modified by: @AlexPeshkoff status: Open [ 1 ] => Resolved [ 5 ] resolution: Fixed [ 1 ] Fix Version: 2.1.7 [ 10651 ] Fix Version: 2.5.3 Update 1 [ 10650 ]
Modified by: @dyemanov description: Sending a malformed packet to the server (op = op_response with any non-empty status vector data) instead of the expected op_connect makes the server try to write data at a NULL address, because a NULL pointer to the status vector is passed to the xdr_status_vector() function. This attack does not require login to the server. => Sending a malformed packet to the server (op = op_response with any non-empty status vector data) instead of the expected op_connect makes the server try to write data at a NULL address, because a NULL pointer to the status vector is passed to the xdr_status_vector() function. This attack does not require login to the server. All Firebird versions except v3.0 are affected.
Modified by: @dyemanov security: Developers [ 10012 ] =>
Modified by: @pmakowski summary: Segfault in server caused by malformed network packet => Segfault in server caused by malformed network packet CVE-2014-9323
Modified by: @pcisar status: Resolved [ 5 ] => Closed [ 6 ]
Modified by: @pavel-zotov status: Closed [ 6 ] => Closed [ 6 ] QA Status: No test => Cannot be tested
Submitted by: @ibprovider
Attachments:
crash.cpp
Sending a malformed packet to the server (op = op_response with any non-empty status vector data) instead of the expected op_connect makes the server try to write data at a NULL address, because a NULL pointer to the status vector is passed to the xdr_status_vector() function. This attack does not require login to the server.
All Firebird versions except v3.0 are affected.
Commits: 4db617f 256b95e d310e46 FirebirdSQL/fbt-repository@f588ffa FirebirdSQL/fbt-repository@02cfa8f
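
A simplified model of the two checks named in the fix comment above (status vector presence and overflow), added here as an illustration; it is not Firebird's code. The function name `decode_status_vector`, the constants and the 32-bit tag/value wire layout are assumptions, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define STATUS_CAP 20  /* assumed capacity of the destination vector */
#define ARG_END 0u     /* assumed terminator tag */
enum { DEC_OK = 0, DEC_NO_VECTOR = -1, DEC_OVERFLOW = -2, DEC_TRUNCATED = -3 };

/* Constructed sample payload: tag 1, value 0x14000001, terminator. */
static const uint8_t SAMPLE[] = {0,0,0,1, 0x14,0,0,1, 0,0,0,0};
static uint32_t scratch[STATUS_CAP];

/* Read one big-endian 32-bit word; returns 0 if fewer than 4 bytes remain. */
static int read_u32(const uint8_t *buf, size_t len, size_t *pos, uint32_t *out)
{
    if (*pos > len || len - *pos < 4)
        return 0;
    *out = ((uint32_t)buf[*pos] << 24) | ((uint32_t)buf[*pos + 1] << 16) |
           ((uint32_t)buf[*pos + 2] << 8) | (uint32_t)buf[*pos + 3];
    *pos += 4;
    return 1;
}

/* Decode (tag, value) pairs into vec until ARG_END, never writing past cap. */
int decode_status_vector(const uint8_t *buf, size_t len, uint32_t *vec, size_t cap)
{
    size_t pos = 0, n = 0;
    uint32_t word;

    if (vec == NULL)                 /* presence check: caller passed no vector */
        return DEC_NO_VECTOR;
    for (;;) {
        if (!read_u32(buf, len, &pos, &word))
            return DEC_TRUNCATED;    /* packet ended before the terminator */
        if (n >= cap)                /* overflow check before every store */
            return DEC_OVERFLOW;
        vec[n++] = word;
        if ((n & 1) && word == ARG_END)  /* terminator counts only in tag position */
            return DEC_OK;
    }
}

int main(void)
{
    printf("no vector: %d\n", decode_status_vector(SAMPLE, sizeof SAMPLE, NULL, STATUS_CAP));
    printf("decoded:   %d\n", decode_status_vector(SAMPLE, sizeof SAMPLE, scratch, STATUS_CAP));
    return 0;
}
```

Without the `vec == NULL` test, the first store in the loop is the write to a NULL address that the report describes; without the `n >= cap` test, a long enough payload writes past the end of the vector.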