One more reason to upgrade to Firebird 2.5.2 : CVE-2012-5529

News via oss-sec and [pkg-firebird-general] mailing list
A denial of service flaw was found in the way the TraceManager of
Firebird, performed preparation of an empty dynamic SQL query. When the trace mode was
enabled, a remote, authenticated database user could use this flaw
to cause the Firebird server to crash with a NULL pointer dereference.

References: [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693210
[2] http://tracker.firebirdsql.org/browse/CORE-3884
[3] https://bugzilla.redhat.com/show_bug.cgi?id=876613

Relevant upstream patch: [4]
http://firebird.svn.sourceforge.net/viewvc/firebird?pathrev=54702&revision=54702&view=revision

1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, average: 5.00 out of 5)
Loading...

Leave a Reply