CVE-2016-1569 : FireBird bug introduced in 2.5.5: authenticated clients crash FireBird when running gbak with invalid parameter

January 11, 2016 mariuz Leave a comment

The FireBird RDBMS can be crashed remotely by an authenticated client
by invoking gbak via the service manager using invalid command line
switch and lead to denial of service.

The issue was introduced in version 2.5.5.

Upstream report:
http://tracker.firebirdsql.org/browse/CORE-5068

Upstream fix: 
http://sourceforge.net/p/firebird/code/62783/

Debian bug:
https://bugs.debian.org/810599

CVE-2016-1569 Status in Debian:
https://security-tracker.debian.org/tracker/CVE-2016-1569

CVE-2016-1569 : FireBird bug introduced in 2.5.5: authenticated clients crash FireBird when running gbak with invalid parameter

Leave a Reply Cancel reply