Your message dated Mon, 20 Mar 2006 08:17:13 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#357580: fixed in firebird2 1.5.3.4870-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: firebird2-super-server,firebird2-classic-server
Version: 1.5.3.4870-2
Severity: critical
Tags: security help
Justification: root security hole

As noted in [1], fbserver (the daemon listening for TCP, found in
firebird2-super-server, source package firebird2) crashes if given too
long database name. The crash occurs *before* authentication and thus
does not require knowledge of a valid database user/password.

[1] https://sourceforge.net/tracker/?func=detail&atid=109028&aid=1282031&group_id=9028

securityfocus' advisory[2] claims version 1.5 is not vulnerable, but
I've just reproduced the crash using 1.5.2-10 that is in Debian/sarge
and etch. Upstream claimed[1] that this is fixed in 1.5.3, but I can
still reproduce it with 1.5.3.4870-2 from yesterday, which was supposed
to fix other (local) buffer overflows (see #357173).

[2] http://www.securityfocus.com/bid/10446/discuss

=== How to reproduce ===

$ gsec -database localhost:`perl -e'print ("A"x300)'` \
  -user doesnt -passwd matter
invalid switch specified
error in switch specifications
Unable to complete network request to host "localhost".
Error reading data from the connection.
unable to open database

"Unable to complete network request" usually means that the server has
crashed. And indeed, looking at /var/log/firebird.log gives:

amd64 (Client)  Sat Mar 18 10:52:19 2006
 /usr/lib/firebird2/bin/fbguard: bin/fbserver terminated abnormally (-1)

So the server has crashed.

============

Same happens with firebird2-classic-server, only there is nothing in
firebird.log

I am yet to verify the pristine upstream builds (without debian patches)
and report it to upstream. Any help for these tasks from people knowing
firebird (preferably subscribed to firebird-devel) is warmly
appreciated.


---
dam


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13+reiser4+dam.1
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8)

Versions of packages firebird2-super-server depends on:
ii  adduser                     3.85         Add and remove users and groups
ii  firebird2-server-common     1.5.3.4870-2 Common files for Firebird - an RDB
ii  libc6                       2.3.6-3      GNU C Library: Shared libraries an
ii  libfbclient1                1.5.3.4870-2 Firebird client library
ii  libgcc1                     1:4.0.3-1    GCC support library
ii  libncurses5                 5.5-1        Shared libraries for terminal hand
ii  libstdc++6                  4.0.3-1      The GNU Standard C++ Library v3

firebird2-super-server recommends no packages.


--- End Message ---
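
The report above identifies the crash by the fbguard line in /var/log/firebird.log. The following is an added example, not part of the original messages or of the firebird2 package, that lists and counts such records so that repeated abnormal terminations of a network-facing server stand out. It assumes the two-line record layout quoted in the report; the function names and all sample records except the first are constructed for illustration. As the report notes, firebird2-classic-server leaves nothing in firebird.log, so this check only covers the super-server running under fbguard.

```shell
#!/bin/sh
# Added example: list fbguard "terminated abnormally" records from a
# firebird.log-style file (path argument or stdin).
# Output columns (tab separated): timestamp, host, process, exit code.
fb_crashes() {
    awk '
        # Entry header: unindented "<host> (<role>)  <Day Mon DD HH:MM:SS YYYY>"
        /^[^ \t]/ && NF >= 7 {
            host = $1
            ts = $(NF-4) " " $(NF-3) " " $(NF-2) " " $(NF-1) " " $NF
            next
        }
        # Entry body: indented guardian message about a dead server process
        /fbguard: .* terminated abnormally/ {
            code = $NF
            gsub(/[()]/, "", code)
            printf "%s\t%s\t%s\t%s\n", ts, host, $2, code
        }
    ' "$@"
}

# Crashes per host. Several within a short span on a reachable server are
# worth correlating with connection logs around each timestamp.
fb_crash_counts() {
    fb_crashes "$@" |
        awk -F '\t' '{ n[$2]++ } END { for (h in n) print h, n[h] }' | sort
}

# Constructed sample: the first record is the one quoted in the report,
# the other two are made up for illustration.
sample_log() {
    cat <<'EOF'
amd64 (Client)  Sat Mar 18 10:52:19 2006
 /usr/lib/firebird2/bin/fbguard: bin/fbserver terminated abnormally (-1)

amd64 (Client)  Sat Mar 18 10:52:20 2006
 /usr/lib/firebird2/bin/fbguard: guardian starting bin/fbserver

amd64 (Client)  Sat Mar 18 10:53:02 2006
 /usr/lib/firebird2/bin/fbguard: bin/fbserver terminated abnormally (-1)
EOF
}

sample_log | fb_crashes
sample_log | fb_crash_counts
```

On a live system the same functions take the log path as an argument, for example `fb_crashes /var/log/firebird.log`.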
--- Begin Message ---
Source: firebird2
Source-Version: 1.5.3.4870-3

We believe that the bug you reported is fixed in the latest version of
firebird2, which is due to be installed in the Debian FTP archive:

firebird2-classic-server_1.5.3.4870-3_i386.deb
  to pool/main/f/firebird2/firebird2-classic-server_1.5.3.4870-3_i386.deb
firebird2-dev_1.5.3.4870-3_i386.deb
  to pool/main/f/firebird2/firebird2-dev_1.5.3.4870-3_i386.deb
firebird2-examples_1.5.3.4870-3_i386.deb
  to pool/main/f/firebird2/firebird2-examples_1.5.3.4870-3_i386.deb
firebird2-server-common_1.5.3.4870-3_i386.deb
  to pool/main/f/firebird2/firebird2-server-common_1.5.3.4870-3_i386.deb
firebird2-super-server_1.5.3.4870-3_i386.deb
  to pool/main/f/firebird2/firebird2-super-server_1.5.3.4870-3_i386.deb
firebird2-utils-classic_1.5.3.4870-3_i386.deb
  to pool/main/f/firebird2/firebird2-utils-classic_1.5.3.4870-3_i386.deb
firebird2-utils-super_1.5.3.4870-3_i386.deb
  to pool/main/f/firebird2/firebird2-utils-super_1.5.3.4870-3_i386.deb
firebird2_1.5.3.4870-3.diff.gz
  to pool/main/f/firebird2/firebird2_1.5.3.4870-3.diff.gz
firebird2_1.5.3.4870-3.dsc
  to pool/main/f/firebird2/firebird2_1.5.3.4870-3.dsc
libfbclient1_1.5.3.4870-3_i386.deb
  to pool/main/f/firebird2/libfbclient1_1.5.3.4870-3_i386.deb
libfbembed1_1.5.3.4870-3_i386.deb
  to pool/main/f/firebird2/libfbembed1_1.5.3.4870-3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Damyan Ivanov <[EMAIL PROTECTED]> (supplier of updated firebird2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 20 Mar 2006 11:55:19 +0200
Source: firebird2
Binary: firebird2-utils-classic libfbclient1 firebird2-super-server libfbembed1 firebird2-dev firebird2-server-common firebird2-utils-super firebird2-examples firebird2-classic-server
Architecture: source i386
Version: 1.5.3.4870-3
Distribution: unstable
Urgency: high
Maintainer: Damyan Ivanov <[EMAIL PROTECTED]>
Changed-By: Damyan Ivanov <[EMAIL PROTECTED]>
Description: 
 firebird2-classic-server - Firebird Classic Server - an RDBMS based on InterBase 6.0 code
 firebird2-dev - Development files for Firebird - an RDBMS based on InterBase 6.0
 firebird2-examples - Examples for Firebird - an RDBMS based on InterBase 6.0 code
 firebird2-server-common - Common files for Firebird - an RDBMS based on InterBase 6.0 code
 firebird2-super-server - Firebird Super Server - an RDBMS based on InterBase 6.0 code
 firebird2-utils-classic - Utilities for Firebird - an RDBMS based on InterBase 6.0 code
 firebird2-utils-super - Utilities for Firebird - an RDBMS based on InterBase 6.0 code
 libfbclient1 - Firebird client library
 libfbembed1 - Firebird embedded client/server library
Closes: 357580
Changes: 
 firebird2 (1.5.3.4870-3) unstable; urgency=high
 .
   * Urgency high due to fixed remote security vulnerability
 .
   * [security] Plumb remote pre-authentication crash. Possible code execution as
     user firebird. [src/jrd/unix.cpp]
     Closes: #357580

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEHtEjpFNRmenyx0cRArTmAKCgHA8EXMGEOdpeSVMkNqyPYCkEkACg25k7
TlXinfqhO+GuBj/+IDuhARI=
=tg6L
-----END PGP SIGNATURE-----


--- End Message ---