Debian Bug report logs - #460048
Garbage data in the incoming remote packet may crash the server

version graph

Package: firebird2.0; Maintainer for firebird2.0 is (unknown);

Reported by: Damyan Ivanov <dmn@debian.org>

Date: Thu, 10 Jan 2008 09:36:01 UTC

Severity: normal

Tags: security

Found in version 2.0.3.12981.ds1-1

Fixed in versions firebird2.0/2.0.3.12981.ds1-4, firebird2.0/2.0.3.12981.ds1-1+lenny1

Done: Nico Golde <nion@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Firebird Group <pkg-firebird-general@lists.alioth.debian.org>:
Bug#460048; Package firebird2.0. Full text and rfc822 format available.

Acknowledgement sent to Damyan Ivanov <dmn@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Firebird Group <pkg-firebird-general@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Damyan Ivanov <dmn@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Garbage data in the incoming remote packet may crash the server
Date: Thu, 10 Jan 2008 11:28:46 +0200
Package: firebird2.0
Version: 2.0.3.12981.ds1-1
Severity: normal
Tags: security

This was reported to the upstream's bug tracker[1]

> If some kinds of remote packets contain wrong (garbage) data, it may
> cause an invalid memory access inside the server, forcing a crash.

There's also a patch that should be appliable to the 2.0.3 sources. (and
yes, I am working on including it)

[1] http://tracker.firebirdsql.org/browse/CORE-1681?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

-- System Information:
Debian Release: lenny/sid
  APT prefers oldstable
  APT policy: (500, 'oldstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.23-1-686 (SMP w/2 CPU cores)
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash




Tags added: pending Request was from Damyan Ivanov <dam@modsoftsys.com> to control@bugs.debian.org. (Thu, 10 Jan 2008 10:06:04 GMT) Full text and rfc822 format available.

Reply sent to Damyan Ivanov <dmn@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Damyan Ivanov <dmn@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #12 received at 460048-close@bugs.debian.org (full text, mbox):

From: Damyan Ivanov <dmn@debian.org>
To: 460048-close@bugs.debian.org
Subject: Bug#460048: fixed in firebird2.0 2.0.3.12981.ds1-4
Date: Thu, 10 Jan 2008 15:02:04 +0000
Source: firebird2.0
Source-Version: 2.0.3.12981.ds1-4

We believe that the bug you reported is fixed in the latest version of
firebird2.0, which is due to be installed in the Debian FTP archive:

firebird2.0-classic_2.0.3.12981.ds1-4_i386.deb
  to pool/main/f/firebird2.0/firebird2.0-classic_2.0.3.12981.ds1-4_i386.deb
firebird2.0-common_2.0.3.12981.ds1-4_i386.deb
  to pool/main/f/firebird2.0/firebird2.0-common_2.0.3.12981.ds1-4_i386.deb
firebird2.0-dev_2.0.3.12981.ds1-4_all.deb
  to pool/main/f/firebird2.0/firebird2.0-dev_2.0.3.12981.ds1-4_all.deb
firebird2.0-doc_2.0.3.12981.ds1-4_all.deb
  to pool/main/f/firebird2.0/firebird2.0-doc_2.0.3.12981.ds1-4_all.deb
firebird2.0-examples_2.0.3.12981.ds1-4_all.deb
  to pool/main/f/firebird2.0/firebird2.0-examples_2.0.3.12981.ds1-4_all.deb
firebird2.0-super_2.0.3.12981.ds1-4_i386.deb
  to pool/main/f/firebird2.0/firebird2.0-super_2.0.3.12981.ds1-4_i386.deb
firebird2.0_2.0.3.12981.ds1-4.diff.gz
  to pool/main/f/firebird2.0/firebird2.0_2.0.3.12981.ds1-4.diff.gz
firebird2.0_2.0.3.12981.ds1-4.dsc
  to pool/main/f/firebird2.0/firebird2.0_2.0.3.12981.ds1-4.dsc
libfbclient2_2.0.3.12981.ds1-4_i386.deb
  to pool/main/f/firebird2.0/libfbclient2_2.0.3.12981.ds1-4_i386.deb
libfbembed2_2.0.3.12981.ds1-4_i386.deb
  to pool/main/f/firebird2.0/libfbembed2_2.0.3.12981.ds1-4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 460048@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Damyan Ivanov <dmn@debian.org> (supplier of updated firebird2.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 10 Jan 2008 13:07:42 +0200
Source: firebird2.0
Binary: libfbembed2 firebird2.0-dev firebird2.0-doc libfbclient2 firebird2.0-classic firebird2.0-common firebird2.0-super firebird2.0-examples
Architecture: source all i386
Version: 2.0.3.12981.ds1-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Firebird Group <pkg-firebird-general@lists.alioth.debian.org>
Changed-By: Damyan Ivanov <dmn@debian.org>
Description: 
 firebird2.0-classic - Firebird Classic Server - an RDBMS based on InterBase 6.0 code
 firebird2.0-common - common files for firebird 2.0 servers and clients
 firebird2.0-dev - Development files for Firebird - an RDBMS based on InterBase 6.0 
 firebird2.0-doc - Documentation files for firebird database version 2.0
 firebird2.0-examples - Examples for Firebird - an RDBMS based on InterBase 6.0 code
 firebird2.0-super - Firebird Super Server - an RDBMS based on InterBase 6.0 code
 libfbclient2 - Firebird client library
 libfbembed2 - Firebird embedded client/server library
Closes: 460048
Changes: 
 firebird2.0 (2.0.3.12981.ds1-4) unstable; urgency=medium
 .
   * Add cvs-security-remote-crash.patch. Closes: #460048 -- Garbage
     data in incoming remote packet may crash the server.
     Urgency medium as this is at least a DoS
 .
   * Fix incorrect page size example. Thanks to Marek Moskwa
     <marek.moskwa@gmail.com>
   * Refresh gbak.sgml
   * Add symlinks from $FB/bin to /usr/bin for all utilities
   * Do not ship empty $FB/lib/ in -dev
   * Do not ship empty $FB/misc/ in -classic
   * Standards-Version 3.7.3 (no changes)
Files: 
 464a5aab549352ffe89cb3f7cda139a4 1176 misc optional firebird2.0_2.0.3.12981.ds1-4.dsc
 daba72431e14b4adc21294df7b05beb2 401413 misc optional firebird2.0_2.0.3.12981.ds1-4.diff.gz
 24c2a5af201f9948136c81d6e02aaea1 434852 libdevel optional firebird2.0-dev_2.0.3.12981.ds1-4_all.deb
 33db7af575317af2bfbe7143c5738762 534124 doc optional firebird2.0-examples_2.0.3.12981.ds1-4_all.deb
 3171498325aa299e6e9ed08e1e144eea 1240646 doc optional firebird2.0-doc_2.0.3.12981.ds1-4_all.deb
 ce75f1bf88c1c55a7b82c572d0ddfa55 2815898 misc optional firebird2.0-super_2.0.3.12981.ds1-4_i386.deb
 eb9f8679d27c9a4cbdf48b5046402e6b 1674792 misc optional firebird2.0-classic_2.0.3.12981.ds1-4_i386.deb
 3c9fdb92155f8d68ae3d8fb07ffde1d5 610050 libs optional libfbclient2_2.0.3.12981.ds1-4_i386.deb
 b7512654066a62395fe89bdfe6dfb23a 1472032 libs optional libfbembed2_2.0.3.12981.ds1-4_i386.deb
 342151cbd974802ae4f6303cf9821a74 893932 misc optional firebird2.0-common_2.0.3.12981.ds1-4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHhi62Hqjlqpcl9jsRAuvBAKCapSYKPA5964X2Fv4f3Eo9RjuuAQCgvje8
uk3eEHnJy5Q2Aew3jlaWLtA=
=rshH
-----END PGP SIGNATURE-----





Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Damyan Ivanov <dmn@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #17 received at 460048-close@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 460048-close@bugs.debian.org
Subject: Bug#460048: fixed in firebird2.0 2.0.3.12981.ds1-1+lenny1
Date: Tue, 29 Jan 2008 17:17:05 +0000
Source: firebird2.0
Source-Version: 2.0.3.12981.ds1-1+lenny1

We believe that the bug you reported is fixed in the latest version of
firebird2.0, which is due to be installed in the Debian FTP archive:

firebird-utils_2.0.3.12981.ds1-1+lenny1_all.deb
  to pool/main/f/firebird2.0/firebird-utils_2.0.3.12981.ds1-1+lenny1_all.deb
firebird2.0-classic_2.0.3.12981.ds1-1+lenny1_i386.deb
  to pool/main/f/firebird2.0/firebird2.0-classic_2.0.3.12981.ds1-1+lenny1_i386.deb
firebird2.0-common_2.0.3.12981.ds1-1+lenny1_i386.deb
  to pool/main/f/firebird2.0/firebird2.0-common_2.0.3.12981.ds1-1+lenny1_i386.deb
firebird2.0-dev_2.0.3.12981.ds1-1+lenny1_all.deb
  to pool/main/f/firebird2.0/firebird2.0-dev_2.0.3.12981.ds1-1+lenny1_all.deb
firebird2.0-doc_2.0.3.12981.ds1-1+lenny1_all.deb
  to pool/main/f/firebird2.0/firebird2.0-doc_2.0.3.12981.ds1-1+lenny1_all.deb
firebird2.0-examples_2.0.3.12981.ds1-1+lenny1_all.deb
  to pool/main/f/firebird2.0/firebird2.0-examples_2.0.3.12981.ds1-1+lenny1_all.deb
firebird2.0-super_2.0.3.12981.ds1-1+lenny1_i386.deb
  to pool/main/f/firebird2.0/firebird2.0-super_2.0.3.12981.ds1-1+lenny1_i386.deb
firebird2.0_2.0.3.12981.ds1-1+lenny1.diff.gz
  to pool/main/f/firebird2.0/firebird2.0_2.0.3.12981.ds1-1+lenny1.diff.gz
firebird2.0_2.0.3.12981.ds1-1+lenny1.dsc
  to pool/main/f/firebird2.0/firebird2.0_2.0.3.12981.ds1-1+lenny1.dsc
libfbclient2_2.0.3.12981.ds1-1+lenny1_i386.deb
  to pool/main/f/firebird2.0/libfbclient2_2.0.3.12981.ds1-1+lenny1_i386.deb
libfbembed2_2.0.3.12981.ds1-1+lenny1_i386.deb
  to pool/main/f/firebird2.0/libfbembed2_2.0.3.12981.ds1-1+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 460048@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated firebird2.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 23 Jan 2008 13:08:10 +0100
Source: firebird2.0
Binary: firebird-utils libfbembed2 firebird2.0-dev firebird2.0-doc libfbclient2 firebird2.0-classic firebird2.0-common firebird2.0-super firebird2.0-examples
Architecture: source all i386
Version: 2.0.3.12981.ds1-1+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Debian Firebird Group <pkg-firebird-general@lists.alioth.debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 firebird-utils - manager for multiple Firebird utilities versions
 firebird2.0-classic - Firebird Classic Server - an RDBMS based on InterBase 6.0 code
 firebird2.0-common - common files for firebird 2.0 servers and clients
 firebird2.0-dev - Development files for Firebird - an RDBMS based on InterBase 6.0 
 firebird2.0-doc - Documentation files for firebird database version 2.0
 firebird2.0-examples - Examples for Firebird - an RDBMS based on InterBase 6.0 code
 firebird2.0-super - Firebird Super Server - an RDBMS based on InterBase 6.0 code
 libfbclient2 - Firebird client library
 libfbembed2 - Firebird embedded client/server library
Closes: 460048
Changes: 
 firebird2.0 (2.0.3.12981.ds1-1+lenny1) testing-security; urgency=high
 .
   * Non-maintainer upload by security team.
   * Add cvs-security-remote-crash.patch (Closes: #460048)
     - Garbage data in incoming remote paket may crash the server,
       CVE id pending.
Files: 
 5ec8ed91c53d1b90f99348287f9fb7c5 1050 misc optional firebird2.0_2.0.3.12981.ds1-1+lenny1.dsc
 635360c67963099772207cf54ad096fc 7019232 misc optional firebird2.0_2.0.3.12981.ds1.orig.tar.gz
 ccb80620144786ba55189dbdcba21cc6 399118 misc optional firebird2.0_2.0.3.12981.ds1-1+lenny1.diff.gz
 3af34e413749e872c9b00eea2317cf01 392620 utils optional firebird-utils_2.0.3.12981.ds1-1+lenny1_all.deb
 efffe5e0c35b24203ad82de6ab8c882c 435046 libdevel optional firebird2.0-dev_2.0.3.12981.ds1-1+lenny1_all.deb
 466533eaba739613fab6c68bd288ed68 533088 doc optional firebird2.0-examples_2.0.3.12981.ds1-1+lenny1_all.deb
 b057bae23dd65b108e5b7375f3efd950 1239474 doc optional firebird2.0-doc_2.0.3.12981.ds1-1+lenny1_all.deb
 91e33d28f9b4395c52f94306853ffea3 2814980 misc optional firebird2.0-super_2.0.3.12981.ds1-1+lenny1_i386.deb
 af71deaafc0dd5b154dc75e163fe9fd7 1678972 misc extra firebird2.0-classic_2.0.3.12981.ds1-1+lenny1_i386.deb
 e3da24335c03d2fa9eb01c8270458ca6 609600 libs optional libfbclient2_2.0.3.12981.ds1-1+lenny1_i386.deb
 933ca5195c03a75fe9f4487b47ff40f1 1469654 libs optional libfbembed2_2.0.3.12981.ds1-1+lenny1_i386.deb
 b567c8b65e92b0d3a47db07b7db12810 892784 misc optional firebird2.0-common_2.0.3.12981.ds1-1+lenny1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHmePhHYflSXNkfP8RAlNpAKCcM59WoTu6uPwlXXOZLMdhKWAf3gCguKJP
JmTxd/AxQSE3EPTpHZeia0Y=
=g4NM
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 05 Mar 2008 07:30:42 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 15:34:28 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.