CVE-2016-1569 : FireBird bug introduced in 2.5.5: authenticated clients crash FireBird when running gbak with invalid parameter

The FireBird RDBMS can be crashed remotely by an authenticated client
that invokes gbak via the service manager with an invalid command-line
switch, resulting in denial of service.

The issue was introduced in version 2.5.5.

Upstream report:
http://tracker.firebirdsql.org/browse/CORE-5068

Upstream fix: 
http://sourceforge.net/p/firebird/code/62783/

Debian bug:
https://bugs.debian.org/810599

CVE-2016-1569 Status in Debian:
https://security-tracker.debian.org/tracker/CVE-2016-1569