Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 14 Nov 2012 10:28:29 -0500 (EST)
From: Jan Lieskovsky <jlieskov@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>,
        Damyan Ivanov <dmn@...ian.org>,
        Philippe Makowski <makowski@...ebird-fr.eu.org>
Subject: CVE Request -- firebird: DoS (NULL pointer dereference) while
 preparing an empty query with trace enabled

Hello Kurt, Steve, vendors,

  a denial of service flaw was found in the way the TraceManager of Firebird,
a SQL relational database management system, performed preparation of an empty
dynamic SQL query. When the trace mode was enabled, a remote, authenticated
database user could use this flaw to cause the Firebird server to crash with
a NULL pointer dereference.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693210
[2] http://tracker.firebirdsql.org/browse/CORE-3884
[3] https://bugzilla.redhat.com/show_bug.cgi?id=876613

Relevant upstream patch:
[4] http://firebird.svn.sourceforge.net/viewvc/firebird?pathrev=54702&revision=54702&view=revision

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ