Executive Summary
| Informations | |||
|---|---|---|---|
| Name | MDVSA-2009:186 | First vendor Publication | 2009-08-01 |
| Vendor | Mandriva | Last vendor Modification | 2009-08-01 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability has been found and corrected in firebird: src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference (CVE-2009-2620). This update provides fixes for this vulnerability. |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:186 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2009-07-28 | Firebird SQL op_connect_request main listener shutdown Vulnerability |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-09-11 | Name : Firebird SQL 'op_connect_request' Denial Of Service Vulnerability (Win) File : nvt/gb_firebird_dos_vuln_win.nasl |
| 2009-09-02 | Name : Fedora Core 10 FEDORA-2009-8317 (firebird) File : nvt/fcore_2009_8317.nasl |
| 2009-09-02 | Name : Fedora Core 11 FEDORA-2009-8340 (firebird) File : nvt/fcore_2009_8340.nasl |
| 2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:186 (firebird) File : nvt/mdksa_2009_186.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 56606 | Firebird op_connect_request Packet Handling Remote DoS Firebird contains a flaw that may allow a remote denial of service. The issue is triggered when op_connect_request handles a malformed packet, and will result in loss of availability for the port for the 2.x versions and the server for the 1.x versions. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Firebird SQL op_connect_request denial of service attempt RuleID : 15896 - Revision : 9 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-09-02 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8317.nasl - Type : ACT_GATHER_INFO |
| 2009-09-02 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8340.nasl - Type : ACT_GATHER_INFO |
