Date: Sun, 10 Jan 2016 15:37:12 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Cc: Damyan Ivanov <dmn@...ian.org> Subject: CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter Hi, The FireBird RDBMS can be crashed remotely by an authenticated client by invoking gbak via the service manager using invalid command line switch and lead to denial of service. The issue was introduced in version 2.5.5. Upstream report: http://tracker.firebirdsql.org/browse/CORE-5068 Upstream fix: http://sourceforge.net/p/firebird/code/62783/ Debian bug: https://bugs.debian.org/810599 Can a CVE be assigned for his issue? Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ