Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 279800 (CVE-2009-2620) - dev-db/firebird SQL op_connect_request main listener shutdown vulnerability (CVE-2009-2620)
Summary: dev-db/firebird SQL op_connect_request main listener shutdown vulnerability (...
Status: RESOLVED OBSOLETE
Alias: CVE-2009-2620
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://www.coresecurity.com/content/f...
Whiteboard: B3 [noglsa]
Keywords:
Depends on: 419191
Blocks:
  Show dependency tree
 
Reported: 2009-07-31 13:52 UTC by Brayan Arraes (YacK)
Modified: 2015-10-06 08:36 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Brayan Arraes (YacK) 2009-07-31 13:52:28 UTC
A remote denial of service vulnerability has been found in Firebird SQL, which can be exploited by a remote attacker to force the server to close the socket where it is listening for incoming connections and to enter an infinite loop, by sending an unexpected op_connect_request message with invalid data to the server. 

Vulnerable packages

    * Firebird SQL v1.5.5
    * Firebird SQL v2.0.1
    * Firebird SQL v2.0.5
    * Firebird SQL v2.1.1
    * Firebird SQL v2.1.2
    * Firebird SQL v2.1.3 RC1
    * Firebird SQL v2.5.0 Beta 1

Reproducible: Always
Comment 1 William L. Thomson Jr. 2011-02-23 19:30:23 UTC
Not sure if this applies to Gentoo, since we do not have any of the versions listed below in tree. However if it exists in 2.0.5, then it could exist in 2.0.3, which is still in tree. Likely need to see about removing 2.0.x versions from tree. Possibly even 2.1.x at some point, since they are all in the same slot.
Comment 2 Adrian Marius Popa 2014-11-26 14:27:23 UTC
As William L. Thomson Jr. said firebird 2.0 is not in the tree anymore , can be closed
Comment 3 Pacho Ramos gentoo-dev 2014-12-11 11:39:45 UTC
@security, this is obsolete and doesn't affect current versions in the tree
Comment 4 William L. Thomson Jr. 2015-10-05 13:41:31 UTC
How many years must pass before this bug is closed?
Comment 5 Sergey Popov gentoo-dev 2015-10-06 08:36:19 UTC
More than 4 years passed, no vulnerable versions in tree - closing as OBSOLETE