This is a security fix.
Upstream bug reports:
http://tracker.firebirdsql.org/browse/CORE-4629
http://tracker.firebirdsql.org/browse/CORE-4630
Upstream official announcement coming, CVE ID requested by upstream.
Test procedures can be found in mga#9322 and mga#8046.
firebird-2.5.2.26540-4.mga4 and firebird-2.5.3.26778-4.mga5 have the upstream patch to fix the problem.
I guess you can assign to QA when there's a CVE and an announcement. I don't know anything about the CVE request, as it didn't happen on oss-security.
Packages built:
firebird-2.5.2.26540-4.mga4
firebird-classic-2.5.2.26540-4.mga4
firebird-superclassic-2.5.2.26540-4.mga4
firebird-superserver-2.5.2.26540-4.mga4
firebird-devel-2.5.2.26540-4.mga4
firebird-utils-classic-2.5.2.26540-4.mga4
firebird-utils-superserver-2.5.2.26540-4.mga4
firebird-utils-common-2.5.2.26540-4.mga4
libfbclient2-2.5.2.26540-4.mga4
libfbembed2-2.5.2.26540-4.mga4
firebird-server-classic-2.5.2.26540-4.mga4
firebird-server-superserver-2.5.2.26540-4.mga4
firebird-server-common-2.5.2.26540-4.mga4
from firebird-2.5.2.26540-4.mga4.src.rpm
Assignee: security => makowski.mageia
QA Contact: (none) => security
The official announcement:
These updates fix the recently discovered security vulnerability (CORE-4630) that may be used for a remote DoS attack performed by unauthorized users
ref:
- http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/
- http://tracker.firebirdsql.org/browse/CORE-4630
Assignee: makowski.mageia => qa-bugs
Component: RPM Packages => Security
Whiteboard: (none) => has_procedure
In VirtualBox, M4, KDE, 32-bit
Package(s) under test:
firebird firebird-classic firebird-server-classic firebird-server-common firebird-utils-classic firebird-utils-common
default install of firebird firebird-classic firebird-server-classic firebird-server-common firebird-utils-classic firebird-utils-common
[root@localhost wilcal]# urpmi firebird
Package firebird-2.5.2.26540-3.mga4.i586 is already installed
[root@localhost wilcal]# urpmi firebird-classic
Package firebird-classic-2.5.2.26540-3.mga4.i586 is already installed
[root@localhost wilcal]# urpmi firebird-server-classic
Package firebird-server-classic-2.5.2.26540-3.mga4.i586 is already installed
[root@localhost wilcal]# urpmi firebird-server-common
Package firebird-server-common-2.5.2.26540-3.mga4.i586 is already installed
[root@localhost wilcal]# urpmi firebird-utils-classic
Package firebird-utils-classic-2.5.2.26540-3.mga4.i586 is already installed
[root@localhost wilcal]# urpmi firebird-utils-common
Package firebird-utils-common-2.5.2.26540-3.mga4.i586 is already installed
Per https://bugs.mageia.org/show_bug.cgi?id=9322#c8
[root@localhost wilcal]# service firebird-superserver start
Cannot find firebird-superserver service
[root@localhost wilcal]# service firebird-server-classic start
Cannot find firebird-server-classic service
[root@localhost wilcal]# service firebird-server-common start
Cannot find firebird-server-common service
Have we a simple easier way to ensure this installed and is working properly?
Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.10-1.1.mga4.x86_64
virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
CC: (none) => wilcal.int
(In reply to William Kenney from comment #3)
> [root@localhost wilcal]# service firebird-superserver start
> Cannot find firebird-superserver service
> [root@localhost wilcal]# service firebird-server-classic start
> Cannot find firebird-server-classic service
> [root@localhost wilcal]# service firebird-server-common start
> Cannot find firebird-server-common service
>
> Have we a simple easier way to ensure this installed and is working properly?
>
Commands I found to start firebird services :
With firebird-server-superserver
# systemctl start firebird-superserver
With firebird-server-classic
# systemctl start firebird-classic.socket
I'm currently testing it on Mageia 4x64
CC: (none) => olchal
(In reply to olivier charles from comment #4)
> I'm currently testing it on Mageia 4x64
If you don't win, I shall have a go also.
From the links given, this looks useful:-
http://tracker.firebirdsql.org/browse/CORE-4630
-> http://tracker.firebirdsql.org/secure/attachment/12642/crash.cpp
the latter apparently a program to show the fault (POC). "Test program causing server to die". Could be useful...
CC: (none) => lewyssmith
Testing on Mageia 4x64, real hardware
Current packages :
----------------
- firebird-classic-2.5.2.26540-3.mga4.x86_64
# systemctl start firebird-classic.socket
# systemctl status -l firebird-classic.socket
firebird-classic.socket - Firebird Classic Activation Socket
   Loaded: loaded (/usr/lib/systemd/system/firebird-classic.socket; disabled)
   Active: active (listening) since mar. 2014-12-09 21:27:40 CET; 8s ago
   Listen: [::]:3050 (Stream)
 Accepted: 0; Connected: 0
- firebird-superserver-2.5.2.26540-3.mga4.x86_64
# systemctl status firebird-superserver
firebird-superserver.service - Firebird Database Server ( SuperServer )
   Loaded: loaded (/usr/lib/systemd/system/firebird-superserver.service; enabled)
   Active: active (running) since mar. 2014-12-09 22:00:23 CET; 4s ago
- firebird-superclassic-2.5.2.26540-3.mga4.x86_64
# systemctl start firebird-superclassic
# systemctl status firebird-superclassic
firebird-superclassic.service - Firebird Database Server ( SuperClassic )
   Loaded: loaded (/usr/lib/systemd/system/firebird-superclassic.service; enabled)
   Active: active (running) since mar. 2014-12-09 21:43:00 CET; 2min 57s ago
Used example found here : https://bugs.mageia.org/show_bug.cgi?id=8046#c0
$ isql-fb localhost:employee -user SYSDBA -password masterkey
Database: localhost:employee, User: SYSDBA
SQL> create table t (col1 int, col2 int, col3 int);
SQL> insert into t values (100, 200, 300);
SQL> insert into t values (101, 201, 301);
SQL> insert into t values (102, 202, 302);
SQL> commit;
SQL> alter table t drop col1;
SQL> select col2, col3 from t as t1 where exists (select * from t as t2 order by t1.col2 );
        COL2         COL3
============ ============
         200          300
         201          301
         202          302
SQL> commit;
SQL> drop table t;
SQL> exit;
With updated-testing packages :
-----------------------------
- firebird-server-superserver-2.5.2.26540-4.mga4.x86_64
could start/stop/disable/enable service
Could test the isql -fb commands shown in example, which ran OK
- firebird-classic-2.5.2.26540-3.mga4.x86_64
could start/stop/disable/enable service
- firebird-superclassic-2.5.2.26540-4.mga4.x86_64
could start/stop/disable/enable service
Didn't know what to make with the crash.cpp file in PoC mentioned by Lewis in Comment 5.
What I saw seems OK to me otherwise.
Made an error in Comment 6, With updated-testing packages, that was firebird-classic-2.5.2.26540-4.mga4.x86_64 I used (and not 26540-3 as I wrote).
I ran tests under mga4 32 so it seems that all is ok
Suggested Advisory
-----------------------
These updates fix the recently discovered security vulnerability (CORE-4630) that may be used for a remote DoS attack performed by unauthorized users
References:
- http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/
- http://tracker.firebirdsql.org/browse/CORE-4630
Updated packages :
firebird-2.5.2.26540-4.mga4
firebird-classic-2.5.2.26540-4.mga4
firebird-superclassic-2.5.2.26540-4.mga4
firebird-superserver-2.5.2.26540-4.mga4
firebird-devel-2.5.2.26540-4.mga4
firebird-utils-classic-2.5.2.26540-4.mga4
firebird-utils-superserver-2.5.2.26540-4.mga4
firebird-utils-common-2.5.2.26540-4.mga4
libfbclient2-2.5.2.26540-4.mga4
libfbembed2-2.5.2.26540-4.mga4
firebird-server-classic-2.5.2.26540-4.mga4
firebird-server-superserver-2.5.2.26540-4.mga4
firebird-server-common-2.5.2.26540-4.mga4
from firebird-2.5.2.26540-4.mga4.src.rpm
Whiteboard: has_procedure => has_procedure MGA4-64-OK MGA4-32-OK
Thanks Philippe
Validating. Advisory uploaded.
Please push to updates
Thanks
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA4-64-OK MGA4-32-OK => has_procedure advisory MGA4-64-OK MGA4-32-OK
CC: (none) => sysadmin-bugs
CVE request: http://openwall.com/lists/oss-security/2014/12/10/4
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0523.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: http://tracker.firebirdsql.org/browse/CORE-4629 => http://lwn.net/Vulnerabilities/625784/
Summary: Segfault in server caused by bad packet => firebird: Segfault in server caused by bad packet
CVE id : CVE-2014-9323
Summary: firebird: Segfault in server caused by bad packet => firebird: Segfault in server caused by bad packet CVE-2014-9323
Strange, maybe RedHat gave it the CVE? No response on oss-security. Could someone add the CVE to the advisory in SVN?
Summary: firebird: Segfault in server caused by bad packet CVE-2014-9323 => firebird: Segfault in server caused by bad packet (CVE-2014-9323)
(In reply to David Walser from comment #13)
> Strange, maybe RedHat gave it the CVE? No response on oss-security.
>
Don't know but RedHat made the change in the bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=1172445
But only Suse is listed here :
http://www.security-database.com/detail.php?alert=CVE-2014-9323
and no details for me here :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9323
LWN reference for CVE-2014-9323: http://lwn.net/Vulnerabilities/627313/