CVE-2009-2620: Input Validation
First published: Tue Jul 28 2009(Updated: )
src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FirebirdSQL | <=2.0.3 | |
| FirebirdSQL | =1.5 | |
| FirebirdSQL | =1.5.1 | |
| FirebirdSQL | =1.5.2 | |
| FirebirdSQL | =1.5.2.4731 | |
| FirebirdSQL | =1.5.3.4870 | |
| FirebirdSQL | =1.5.4.4910 | |
| FirebirdSQL | =1.5.5 | |
| FirebirdSQL | =2.0.0 | |
| FirebirdSQL | =2.0.0.12748 | |
| FirebirdSQL | =2.0.1 | |
| FirebirdSQL | =2.0.2 | |
| FirebirdSQL | =2.1 | |
| FirebirdSQL | =2.1.2 | |
| FirebirdSQL | =2.1.3-rc1 | |
| FirebirdSQL | =2.5 | |
| FirebirdSQL | =2.5-beta_2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://tracker.firebirdsql.org/browse/CORE-2563
- http://www.securityfocus.com/bid/35842
- http://www.coresecurity.com/content/firebird-sql-dos
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01341.html
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01370.html
- https://bugzilla.redhat.com/show_bug.cgi?id=514463
- http://www.exploit-db.com/exploits/9295
- http://www.securityfocus.com/bid/35842/info
- http://www.securityfocus.com/data/vulnerabilities/exploits/35842.py
- http://firebird.cvs.sourceforge.net/viewvc/firebird/firebird2/src/remote/server.cpp?r1=1.158.2.6&r2=1.158.2.7&view=patch
- https://access.redhat.com/security/cve/CVE-2009-2620
- http://admin.fedoraproject.org/updates/firebird-2.1.3.18185.0-1.fc10
- http://admin.fedoraproject.org/updates/firebird-2.1.3.18185.0-1.el5
- http://admin.fedoraproject.org/updates/firebird-2.1.3.18185.0-1.el4
- http://admin.fedoraproject.org/updates/firebird-2.1.3.18185.0-1.fc11
- http://admin.fedoraproject.org/updates/firebird-2.1.3.18185.0-2.fc10
- http://admin.fedoraproject.org/updates/firebird-2.1.3.18185.0-2.el4
- http://admin.fedoraproject.org/updates/firebird-2.1.3.18185.0-2.fc11
- http://admin.fedoraproject.org/updates/firebird-2.1.3.18185.0-2.el5
- https://www.cve.org/CVERecord?id=CVE-2009-2620 https://nvd.nist.gov/vuln/detail/CVE-2009-2620
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2620.json
Frequently Asked Questions
What is the severity of CVE-2009-2620?
CVE-2009-2620 is classified as a denial of service vulnerability that may cause a crash of the Firebird SQL daemon.
How do I fix CVE-2009-2620?
To address CVE-2009-2620, upgrade to Firebird SQL version 1.5.6, 2.0.6, 2.1.3 or later.
What software versions are affected by CVE-2009-2620?
Firebird SQL versions 1.5, 2.0 up to 2.0.5, 2.1 up to 2.1.2, and 2.5 prior to Beta 2 are affected by CVE-2009-2620.
Can CVE-2009-2620 be exploited remotely?
Yes, CVE-2009-2620 can be exploited remotely via a malformed op_connect_request message.
What impact does CVE-2009-2620 have on systems?
CVE-2009-2620 allows attackers to cause a denial of service through daemon crashes.
- agent/weakness
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-2620
- collector/redhat-cve
- agent/type
- agent/references
- agent/author
- agent/remedy
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/firebirdsql
- canonical/firebirdsql
- version/firebirdsql/2.0.3
- version/firebirdsql/1.5
- version/firebirdsql/1.5.1
- version/firebirdsql/1.5.2
- version/firebirdsql/1.5.2.4731
- version/firebirdsql/1.5.3.4870
- version/firebirdsql/1.5.4.4910
- version/firebirdsql/1.5.5
- version/firebirdsql/2.0.0
- version/firebirdsql/2.0.0.12748
- version/firebirdsql/2.0.1
- version/firebirdsql/2.0.2
- version/firebirdsql/2.1
- version/firebirdsql/2.1.2
- version/firebirdsql/2.1.3-rc1
- version/firebirdsql/2.5
- version/firebirdsql/2.5-beta_2