Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

A remote attacker can check, if a file is present in the system, running firebird server [CORE1312] #1731

Closed
firebird-issue-importer opened this issue Jun 9, 2007 · 13 comments

Comments

@firebird-issue-importer
Copy link

@firebird-issue-importer firebird-issue-importer commented Jun 9, 2007

Submitted by: @AlexPeshkoff

Is related to QA132

Bug was reported by David Calligaris <mailto:david.calligaris@emaze.net>:

------------------
There is an information disclosure vulnerability in the Firebird 2.0.1
protocol implementation that could allow a remote attacker to check if a
file is present in the remote system. Successfully exploitation of this
vulnerability allows the remote attacker to launch further attacks on
the remote host.

Proof Of Concept:
-----------------
Example of Windows User Enumeration:

<EXAMPLE>

diaul@yeshu:~$ isql-fb "192.168.1.75:C:\Documents and Settings\diaul"
Statement failed, SQLCODE = -902

I/O error for file "C:\Documents and Settings\diaul"
-Error while trying to open file
-Access is denied.

Use CONNECT or CREATE DATABASE to specify a database
SQL>

diaul@yeshu:~$ isql-fb "192.168.1.75:C:\Documents and Settings\FooBar"
Statement failed, SQLCODE = -902

I/O error for file "C:\Documents and Settings\FooBar"
-Error while trying to open file
-The system cannot find the file specified.

Use CONNECT or CREATE DATABASE to specify a database
SQL>

</EXAMPLE>

You can see there are two different error messages for valid and invalid
resources.
------------------

The reason of a bug is that password validation is done almost in the end of database attach/create calls.

Commits: c76f165 e5f1e63

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jun 9, 2007

Commented by: @AlexPeshkoff

Now password validation is done as soon as possible - right after getting database options from DPB. This makes 'bad password' first exception to happen when connecting to server, at the same time making it save a lot of job in case of wrong credentials passed.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jun 9, 2007

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.1 Beta 1 [ 10141 ]

Fix Version: 2.0.2 [ 10130 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jun 9, 2007

Modified by: @AlexPeshkoff

Fix Version: 2.1.0 [ 10041 ]

Version: 2.1 Alpha 1 [ 10150 ] =>

Version: 2.1 Initial [ 10160 ] =>

Version: 1.5.4 [ 10100 ] =>

Version: 2.0.0 [ 10091 ] =>

Version: 1.5.3 [ 10028 ] =>

Version: 1.5.2 [ 10027 ] =>

Version: 1.5.1 [ 10026 ] =>

Version: 1.5.0 [ 10025 ] =>

Version: 1.0.3 [ 10006 ] =>

Fix Version: 2.1 Beta 1 [ 10141 ] =>

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jun 17, 2007

Modified by: @pcisar

Fix Version: 2.1 Beta 1 [ 10141 ]

summary: A remote attacker can check, if a
file is present in the system, running firebird server

=>

A remote attacker can check, if a file is present in the system, running firebird server

Fix Version: 2.1.0 [ 10041 ] =>

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jun 20, 2007

Modified by: @pcisar

Link: This issue is related to QA132 [ QA132 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jul 18, 2007

Commented by: @pmakowski

Are you sure it is solved ?

here what I get under Windows with FB2.1.0Beta1

C:\FB21\bin>isql "192.168.1.10:c:\driver\rappin_ch09.pdf"
Statement failed, SQLCODE = -922
file C:\DRIVER\RAPPIN_CH09.PDF is not a valid database
Use CONNECT or CREATE DATABASE to specify a database
SQL> exit;

C:\FB21\bin>isql "192.168.1.10:c:\driver\rappin_ch0.pdf"
Statement failed, SQLCODE = -902
I/O error for file "c:\driver\rappin_ch0.pdf"
-Error while trying to open file
-Le fichier specifie est introuvable.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jul 18, 2007

Modified by: @pmakowski

status: Resolved [ 5 ] => Reopened [ 4 ]

resolution: Fixed [ 1 ] =>

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jul 19, 2007

Commented by: @AlexPeshkoff

Pavel, this all makes sense only for attempts to connect by users, not having valid login/password on server. I noticed there are no -u/-p switches, but may be you have correct pair in environment? Next, since 2.1 beta1 trusted authentication also works for windows - i.e. you will be connected to a database with your windows logon as CURRENT_USER if you have logged to the windows server.

Please try something like:
isql -u QQQ -p ZZZ "192.168.1.10:c:\driver\rappin_ch09.pdf"
to make sure no default attempts to login are done.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jul 19, 2007

Commented by: @pmakowski

Sorry

Seems I made the bad test

If I try to connect from another box, you are right, the bug is solved
and yes I forget the feature that even if I have no correct pair in my environnement, the trusted authentification also works for windows

so I'll close the bug

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jul 19, 2007

Commented by: @pmakowski

Q/A test made and ok

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jul 19, 2007

Modified by: @pmakowski

status: Reopened [ 4 ] => Closed [ 6 ]

resolution: Fixed [ 1 ]

Fix Version: 2.1 Beta 2 [ 10190 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jan 28, 2008

Modified by: @pcisar

Workflow: jira [ 12286 ] => Firebird [ 14788 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented May 29, 2015

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

QA Status: Done successfully

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants