Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Segfault in server caused by malformed network packet CVE-2014-9323 [CORE4630] #4944

Closed
firebird-issue-importer opened this issue Dec 1, 2014 · 15 comments

Comments

@firebird-issue-importer
Copy link

@firebird-issue-importer firebird-issue-importer commented Dec 1, 2014

Submitted by: @ibprovider

Attachments:
crash.cpp

Sending malformed packet to the server (op = op_response with any non-empty status vector data) instead expected op_connect makes server try to write data at NULL address cause NULL pointer to status vector is passed to xdr_status_vector() function. This attack does not require login to server.

All Firebird versions except v3.0 are affected.

Commits: 4db617f 256b95e d310e46 FirebirdSQL/fbt-repository@f588ffa FirebirdSQL/fbt-repository@02cfa8f

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Dec 1, 2014

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Dec 1, 2014

Commented by: @AlexPeshkoff

Test program causing server to die.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Dec 1, 2014

Modified by: @AlexPeshkoff

Attachment: crash.cpp [ 12642 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Dec 1, 2014

Modified by: @AlexPeshkoff

Link: This issue is related to CORE4629 [ CORE4629 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Dec 1, 2014

Modified by: @dyemanov

reporter: Alexander Peshkov [ alexpeshkoff ] => Kovalenko Dmitry [ _dima_k_ ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Dec 2, 2014

Modified by: @dyemanov

Version: 3.0 Beta 1 [ 10332 ]

Version: 3.0 Alpha 2 [ 10560 ]

Version: 3.0 Alpha 1 [ 10331 ]

summary: Segfault in server caused by bad packet => Segfault in server caused by malformed network packet

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Dec 3, 2014

Commented by: @AlexPeshkoff

Added checks for both status vector overflow and presence

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Dec 3, 2014

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.1.7 [ 10651 ]

Fix Version: 2.5.3 Update 1 [ 10650 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Dec 9, 2014

Modified by: @dyemanov

Link: This issue is related to CORE4629 [ CORE4629 ] =>

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Dec 9, 2014

Modified by: @dyemanov

description: Sending malformed packet to the server (op = op_response with any non-empty status vector data) instead expected op_connect makes server try to write data at NULL address cause NULL pointer to status vector is passed to xdr_status_vector() function. This attack does not require login to server. => Sending malformed packet to the server (op = op_response with any non-empty status vector data) instead expected op_connect makes server try to write data at NULL address cause NULL pointer to status vector is passed to xdr_status_vector() function. This attack does not require login to server.

All Firebird versions except v3.0 are affected.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Dec 9, 2014

Modified by: @dyemanov

security: Developers [ 10012 ] =>

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Dec 17, 2014

Modified by: @pmakowski

summary: Segfault in server caused by malformed network packet => Segfault in server caused by malformed network packet CVE-2014-9323

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Sep 23, 2015

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jan 18, 2016

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

QA Status: No test

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented May 25, 2016

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

QA Status: No test => Cannot be tested

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment