Date: Wed, 14 Nov 2012 10:28:29 -0500 (EST) From: Jan Lieskovsky <jlieskov@...hat.com> To: oss-security@...ts.openwall.com Cc: "Steven M. Christey" <coley@...us.mitre.org>, Damyan Ivanov <dmn@...ian.org>, Philippe Makowski <makowski@...ebird-fr.eu.org> Subject: CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled Hello Kurt, Steve, vendors, a denial of service flaw was found in the way the TraceManager of Firebird, a SQL relational database management system, performed preparation of an empty dynamic SQL query. When the trace mode was enabled, a remote, authenticated database user could use this flaw to cause the Firebird server to crash with a NULL pointer dereference. References:  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693210  http://tracker.firebirdsql.org/browse/CORE-3884  https://bugzilla.redhat.com/show_bug.cgi?id=876613 Relevant upstream patch:  http://firebird.svn.sourceforge.net/viewvc/firebird?pathrev=54702&revision=54702&view=revision Could you allocate a CVE id for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ