Package: firebird2-super-server,firebird2-classic-server
Version: 1.5.3.4870-2
Severity: critical
Tags: security help
Justification: root security hole

As noted in [1], fbserver (the daemon listening for TCP, found in
firebird2-super-server, source package firebird2) crashes if given too
long a database name. The crash occurs *before* authentication and thus
does not require knowledge of a valid database user/password.

[1] https://sourceforge.net/tracker/?func=detail&atid=109028&aid=1282031&group_id=9028

securityfocus' advisory[2] claims version 1.5 is not vulnerable, but
I've just reproduced the crash using 1.5.2-10 that is in Debian/sarge
and etch. Upstream claimed[1] that this is fixed in 1.5.3, but I can
still reproduce it with 1.5.3.4870-2 from yesterday, which was supposed
to fix other (local) buffer overflows (see #357173).

[2] http://www.securityfocus.com/bid/10446/discuss

=== How to reproduce ===
$ gsec -database localhost:`perl -e'print ("A"x300)'` \
       -user doesnt -passwd matter
invalid switch specified
error in switch specifications
Unable to complete network request to host "localhost".
Error reading data from the connection.
unable to open database

"Unable to complete network request" usually means that the server has
crashed. And indeed, looking at /var/log/firebird.log gives:

amd64 (Client)  Sat Mar 18 10:52:19 2006
        /usr/lib/firebird2/bin/fbguard: bin/fbserver terminated abnormally (-1)

So the server has crashed.
============

The same happens with firebird2-classic-server, only there is nothing in
firebird.log.

I am yet to verify the pristine upstream builds (without Debian patches)
and report it to upstream. Any help for these tasks from people knowing
Firebird (preferably subscribed to firebird-devel) is warmly
appreciated.

--- dam

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13+reiser4+dam.1
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8)

Versions of packages firebird2-super-server depends on:
ii  adduser                  3.85          Add and remove users and groups
ii  firebird2-server-common  1.5.3.4870-2  Common files for Firebird - an RDB
ii  libc6                    2.3.6-3       GNU C Library: Shared libraries an
ii  libfbclient1             1.5.3.4870-2  Firebird client library
ii  libgcc1                  1:4.0.3-1     GCC support library
ii  libncurses5              5.5-1         Shared libraries for terminal hand
ii  libstdc++6               4.0.3-1       The GNU Standard C++ Library v3

firebird2-super-server recommends no packages.
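
The fbguard line quoted from /var/log/firebird.log in the report above is something an operator of firebird2-super-server can watch for (the report notes that the classic server logs nothing). The following is an added example, not part of the original report or of the Firebird project: it extracts "terminated abnormally" entries and flags bursts of them. The entry layout is assumed from the excerpt in the report, the threshold and window are arbitrary choices, and every sample entry except the one quoted in the report is constructed.

```python
import re
from datetime import datetime, timedelta

# Entry layout assumed from the firebird.log excerpt in the report:
# "<host> (<role>) <ctime timestamp>" followed by the message text.
ENTRY = re.compile(
    r"(?P<host>\S+) \((?P<role>\w+)\)\s+"
    r"(?P<ts>\w{3} \w{3} [ \d]\d \d{2}:\d{2}:\d{2} \d{4})\s+"
    r"\S+: (?P<process>\S+) terminated abnormally \((?P<code>-?\d+)\)"
)

def abnormal_terminations(log_text):
    """Return one dict per guardian 'terminated abnormally' entry."""
    return [
        {"host": m["host"], "process": m["process"], "code": int(m["code"]),
         "when": datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")}
        for m in ENTRY.finditer(log_text)
    ]

def crash_bursts(events, threshold=3, window=timedelta(minutes=10)):
    """Return (first, last, count) for runs of >= threshold crashes within window."""
    times = sorted(e["when"] for e in events)
    bursts, start = [], 0
    for end, now in enumerate(times):
        while now - times[start] > window:   # slide the window forward
            start += 1
        count = end - start + 1
        if count >= threshold:
            if bursts and bursts[-1][0] == times[start]:
                bursts[-1] = (times[start], now, count)  # same burst, one more crash
            else:
                bursts.append((times[start], now, count))
    return bursts

# Constructed sample log. Only the 10:52:19 entry is taken from the report;
# the other timestamps and the unrelated entry are made up for this example.
CRASH = ("amd64 (Client)\t{}\n"
         "\t/usr/lib/firebird2/bin/fbguard: bin/fbserver terminated abnormally (-1)\n\n")
SAMPLE_LOG = (
    "amd64 (Server)\tSat Mar 18 10:50:00 2006\n\tconstructed unrelated entry\n\n"
    + "".join(CRASH.format(ts) for ts in (
        "Sat Mar 18 10:52:19 2006", "Sat Mar 18 10:53:02 2006",
        "Sat Mar 18 10:55:40 2006", "Sat Mar 18 14:10:00 2006"))
)

if __name__ == "__main__":
    for first, last, count in crash_bursts(abnormal_terminations(SAMPLE_LOG)):
        print(f"{count} fbserver crashes between {first} and {last}")
```

A single abnormal termination can be an ordinary fault; several within a few minutes, with no matching authenticated sessions, is the pattern worth alerting on for a crash that happens before authentication.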