Vulnerability CVE-2009-2620 - CERT Civis.Net

Vulnerability Name:

CVE-2009-2620 (CCN-52121)

Assigned:

2009-07-28

Published:

2009-07-28

Updated:

2017-09-19

Summary:

src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:TF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:TF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2009-2620

Source: CCN
Type: SourceForge.net Web site
SCM Repositories - Firebird

Source: CCN
Type: SA36026
Firebird "op_connect_request" Packet Denial of Service

Source: CONFIRM
Type: Vendor Advisory
http://tracker.firebirdsql.org/browse/CORE-2563

Source: CCN
Type: CORE-2009-0707
Firebird SQL op_connect_request main listener shutdown vulnerability

Source: MISC
Type: Exploit
http://www.coresecurity.com/content/firebird-sql-dos

Source: EXPLOIT-DB
Type: UNKNOWN
9295

Source: CCN
Type: OSVDB ID: 56606
Firebird op_connect_request Packet Handling Remote DoS

Source: BID
Type: Exploit, Patch
35842

Source: CCN
Type: BID-35842
Firebird 'op_connect_request' Remote Denial Of Service Vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=514463

Source: XF
Type: UNKNOWN
firebirdsql-opconnectrequest-dos(52121)

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-8317

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-8340

Vulnerable Configuration:

Configuration 1:

cpe:/a:firebirdsql:firebird:1.5:*:*:*:*:*:*:*

OR cpe:/a:firebirdsql:firebird:1.5.1:*:*:*:*:*:*:*

OR cpe:/a:firebirdsql:firebird:1.5.2:*:*:*:*:*:*:*

OR cpe:/a:firebirdsql:firebird:1.5.2.4731:*:*:*:*:*:*:*

OR cpe:/a:firebirdsql:firebird:1.5.3.4870:*:*:*:*:*:*:*

OR cpe:/a:firebirdsql:firebird:1.5.4.4910:*:*:*:*:*:*:*

OR cpe:/a:firebirdsql:firebird:1.5.5:*:*:*:*:*:*:*

OR cpe:/a:firebirdsql:firebird:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:firebirdsql:firebird:2.0.0.12748:*:*:*:*:*:*:*

OR cpe:/a:firebirdsql:firebird:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:firebirdsql:firebird:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:firebirdsql:firebird:*:*:*:*:*:*:*:* (Version <= 2.0.3)

OR cpe:/a:firebirdsql:firebird:2.1:*:*:*:*:*:*:*

OR cpe:/a:firebirdsql:firebird:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:firebirdsql:firebird:2.1.3:rc1:*:*:*:*:*:*

OR cpe:/a:firebirdsql:firebird:2.5:*:*:*:*:*:*:*

OR cpe:/a:firebirdsql:firebird:2.5:beta_2:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:firebirdsql:firebird:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:firebirdsql:firebird:1.5.5:*:*:*:*:*:*:*

OR cpe:/a:firebirdsql:firebird:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:firebirdsql:firebird:2.1.3:rc1:*:*:*:*:*:*

Denotes that component is vulnerable