| Summary: | dev-db/firebird SQL op_connect_request main listener shutdown vulnerability (CVE-2009-2620) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Brayan Arraes (YacK) <brayan> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED OBSOLETE | ||
| Severity: | minor | CC: | patrick, proxy-maint, wlt-ml |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.coresecurity.com/content/firebird-sql-dos | ||
| Whiteboard: | B3 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 419191 | ||
| Bug Blocks: | |||
Not sure if this applies to Gentoo, since we do not have any of the versions listed below in tree. However if it exists in 2.0.5, then it could exist in 2.0.3, which is still in tree. Likely need to see about removing 2.0.x versions from tree. Possibly even 2.1.x at some point, since they are all in the same slot. As William L. Thomson Jr. said firebird 2.0 is not in the tree anymore , can be closed @security, this is obsolete and doesn't affect current versions in the tree How many years must pass before this bug is closed? More than 4 years passed, no vulnerable versions in tree - closing as OBSOLETE |
A remote denial of service vulnerability has been found in Firebird SQL, which can be exploited by a remote attacker to force the server to close the socket where it is listening for incoming connections and to enter an infinite loop, by sending an unexpected op_connect_request message with invalid data to the server. Vulnerable packages * Firebird SQL v1.5.5 * Firebird SQL v2.0.1 * Firebird SQL v2.0.5 * Firebird SQL v2.1.1 * Firebird SQL v2.1.2 * Firebird SQL v2.1.3 RC1 * Firebird SQL v2.5.0 Beta 1 Reproducible: Always