oss-sec mailing list archives
Re: CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 14 Nov 2012 10:24:08 -0700
On 11/14/2012 08:28 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
> a denial of service flaw was found in the way the TraceManager of Firebird, a SQL relational database management system, performed preparation of an empty dynamic SQL query. When the trace mode was enabled, a remote, authenticated database user could use this flaw to cause the Firebird server to crash with a NULL pointer dereference.
>
> References:
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693210
> [2] http://tracker.firebirdsql.org/browse/CORE-3884
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=876613
>
> Relevant upstream patch:
> [4] http://firebird.svn.sourceforge.net/viewvc/firebird?pathrev=54702&revision=54702&view=revision
>
> Could you allocate a CVE id for this?
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team

Please use CVE-2012-5529 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993