Executive Summary

Informations
Name CVE-2009-2620 First vendor Publication 2009-07-29
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2620

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 28

ExploitDB Exploits

id Description
2009-07-28 Firebird SQL op_connect_request main listener shutdown Vulnerability

OpenVAS Exploits

Date Description
2009-09-11 Name : Firebird SQL 'op_connect_request' Denial Of Service Vulnerability (Win)
File : nvt/gb_firebird_dos_vuln_win.nasl
2009-09-02 Name : Fedora Core 10 FEDORA-2009-8317 (firebird)
File : nvt/fcore_2009_8317.nasl
2009-09-02 Name : Fedora Core 11 FEDORA-2009-8340 (firebird)
File : nvt/fcore_2009_8340.nasl
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:186 (firebird)
File : nvt/mdksa_2009_186.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
56606 Firebird op_connect_request Packet Handling Remote DoS

Firebird contains a flaw that may allow a remote denial of service. The issue is triggered when op_connect_request handles a malformed packet, and will result in loss of availability for the port for the 2.x versions and the server for the 1.x versions.

Snort® IPS/IDS

Date Description
2014-01-10 Firebird SQL op_connect_request denial of service attempt
RuleID : 15896 - Revision : 9 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2009-09-02 Name : The remote Fedora host is missing a security update.
File : fedora_2009-8317.nasl - Type : ACT_GATHER_INFO
2009-09-02 Name : The remote Fedora host is missing a security update.
File : fedora_2009-8340.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://tracker.firebirdsql.org/browse/CORE-2563
http://www.coresecurity.com/content/firebird-sql-dos
http://www.exploit-db.com/exploits/9295
http://www.securityfocus.com/bid/35842
https://bugzilla.redhat.com/show_bug.cgi?id=514463
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01341....
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01370....
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
Date Informations
2024-11-28 23:10:47
  • Multiple Updates
2024-11-28 12:19:28
  • Multiple Updates
2021-05-04 12:09:51
  • Multiple Updates
2021-04-22 01:10:12
  • Multiple Updates
2020-05-23 01:40:40
  • Multiple Updates
2020-05-23 00:24:05
  • Multiple Updates
2018-10-30 12:03:00
  • Multiple Updates
2017-09-19 09:23:19
  • Multiple Updates
2016-04-26 19:00:07
  • Multiple Updates
2014-02-17 10:50:56
  • Multiple Updates
2014-01-19 21:26:05
  • Multiple Updates
2013-05-10 23:54:39
  • Multiple Updates