NULL Pointer Denial of Service Vulnerability
Bug #1115902 reported by
Christian Kuersteiner
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
firebird2.5 (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Oneiric |
Fix Released
|
Medium
|
Unassigned | ||
Precise |
Fix Released
|
Medium
|
Unassigned | ||
Quantal |
Fix Released
|
Medium
|
Unassigned | ||
Raring |
Fix Released
|
Medium
|
Unassigned |
Bug Description
TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL query.
Upstream patch:
http://
information type: | Private Security → Public Security |
Changed in firebird2.5 (Ubuntu Oneiric): | |
status: | New → Confirmed |
Changed in firebird2.5 (Ubuntu Precise): | |
status: | New → Confirmed |
Changed in firebird2.5 (Ubuntu Quantal): | |
status: | New → Confirmed |
Changed in firebird2.5 (Ubuntu Raring): | |
status: | New → Confirmed |
Changed in firebird2.5 (Ubuntu Oneiric): | |
importance: | Undecided → Medium |
Changed in firebird2.5 (Ubuntu Precise): | |
importance: | Undecided → Medium |
Changed in firebird2.5 (Ubuntu Raring): | |
importance: | Undecided → Medium |
Changed in firebird2.5 (Ubuntu Quantal): | |
importance: | Undecided → Medium |
Changed in firebird2.5 (Ubuntu Raring): | |
status: | Confirmed → Fix Committed |
To post a comment you must log in.
Quantal fix