Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vulnerability in FITS and NETCDF data vaults #6258

Closed
monetdb-team opened this issue Nov 30, 2020 · 0 comments
Closed

Vulnerability in FITS and NETCDF data vaults #6258

monetdb-team opened this issue Nov 30, 2020 · 0 comments

Comments

@monetdb-team
Copy link

@monetdb-team monetdb-team commented Nov 30, 2020

Date: 2017-04-07 11:59:03 +0200
From: @kutsurak
To: SQL devs <>
Version: 11.25.15 (Dec2016-SP3)

Last updated: 2017-05-01 13:32:08 +0200

Comment 25205

Date: 2017-04-07 11:59:03 +0200
From: @kutsurak

User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Build Identifier:

Specially crafted netcdf and fits files, could allow attackers to execute arbitrary SQL.

Due to the way the function SQLstatementIntern is called in both these cases, an attacker cannot actually get any data out of the database, but could delete data, insert data or create/drop/alter tables.

Examples are attached.

Reproducible: Always

Comment 25206

Date: 2017-04-07 12:00:54 +0200
From: MonetDB Mercurial Repository <>

Changeset 9415609bc718 made by Panagiotis Koutsourakis kutsurak@monetdbsolutions.com in the MonetDB repo, refers to this bug.

For complete details, see http//devmonetdborg/hg/MonetDB?cmd=changeset;node=9415609bc718

Changeset description:

Fix security vulnerability in FITS and NETCDF datavaults

This solves Bug #6258
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant