Bug#702735: firebird2.1: CVE-2013-2492: Request Processing Buffer Overflow Vulnerability

Damyan Ivanov Tue, 12 Mar 2013 02:21:17 -0700

(not a duplicate, firebird has two versions in squeeze)

-=| Salvatore Bonaccorso, 10.03.2013 22:13:22 +0100 |=-
> Source: firebird2.1
> Severity: grave
> Tags: security
> 
> Hi
> 
> the following vulnerability was published for firebird2.1.
> 
> CVE-2013-2492[0]:
> Request Processing Buffer Overflow Vulnerability
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see also [1] and [2].
> 
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2492
>     http://security-tracker.debian.org/tracker/CVE-2013-2492
> [1] http://tracker.firebirdsql.org/browse/CORE-4058
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2492


Dear security team,

Please approve the uploading of firebird2.1 with the attached (source) 
diff from the version in squeeze.

Also attached is the binary diff.


Thanks,
    dam

diff -wu firebird2.1-2.1.3.18185-0.ds1/debian/changelog firebird2.1-2.1.3.18185-0.ds1/debian/changelog
--- firebird2.1-2.1.3.18185-0.ds1/debian/changelog
+++ firebird2.1-2.1.3.18185-0.ds1/debian/changelog
@@ -1,3 +1,11 @@
+firebird2.1 (2.1.3.18185-0.ds1-11+squeeze1) stable-security; urgency=high
+
+  * Apply patch from upstream revision r57728 (unfuzzied) fixing a remote
+    unauthenticated stack overflow in the Firebird server (CVE-2013-2492)
+    Closes: #702735
+
+ -- Damyan Ivanov <[email protected]>  Tue, 12 Mar 2013 10:30:31 +0200
+
 firebird2.1 (2.1.3.18185-0.ds1-11) unstable; urgency=low
 
   * all .postinst: add db_stop at the end
diff -wu firebird2.1-2.1.3.18185-0.ds1/debian/patches/series firebird2.1-2.1.3.18185-0.ds1/debian/patches/series
--- firebird2.1-2.1.3.18185-0.ds1/debian/patches/series
+++ firebird2.1-2.1.3.18185-0.ds1/debian/patches/series
@@ -16,0 +17 @@
+upstream/r57728-cve-2013-2429.patch
only in patch2:
--- firebird2.1-2.1.3.18185-0.ds1.orig/debian/patches/upstream/r57728-cve-2013-2429.patch
+++ firebird2.1-2.1.3.18185-0.ds1/debian/patches/upstream/r57728-cve-2013-2429.patch
@@ -0,0 +1,26 @@
+From: alexpeshkoff <alexpeshkoff@65644016-39b1-43b1-bf79-96bc8fe82c15>
+Date: Wed, 6 Mar 2013 11:33:08 +0000 (+0000)
+Subject: Fixed CORE-4058
+ Fixes a remote, unauthenticated stack overflow
+ CVE-2013-2492
+X-Git-Url: http://anonscm.debian.org/gitweb/?p=pkg-firebird%2Fupstream.git;a=commitdiff_plain;h=9cacbca5093808e217ba68adaa469bd6179fb535
+Bug: http://tracker.firebirdsql.org/browse/CORE-4058
+Bug-Debian: http://bigs.debian.org/702736
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2492
+
+Fixed CORE-4058
+
+git-svn-id: svn://svn.code.sf.net/p/firebird/code/firebird/branches/B2_5_Release@57728 65644016-39b1-43b1-bf79-96bc8fe82c15
+---
+
+--- a/src/remote/inet.cpp
++++ b/src/remote/inet.cpp
+@@ -1097,7 +1097,7 @@ static int accept_connection(rem_port* p
+ 		case CNCT_group:
+ 			{
+ 				int length = id.getClumpLength();
+-				if (length != 0) {
++				if (length <= sizeof(eff_gid) && length > 0) {
+ 					eff_gid = 0;
+ 					memcpy(&eff_gid, id.getBytes(), length);
+ 					eff_gid = ntohl(eff_gid);

File lists identical (after any substitutions)

Control files of package firebird2.1-classic: lines which differ (wdiff format)
-------------------------------------------------------------------------------
Depends: libc6 (>= 2.3), libedit2 (>= 2.11-20080614-1), libfbembed2.1 (>= 2.1.1), libgcc1 (>= 1:4.1.1), libstdc++6 (>= 4.1.1), firebird2.1-common (= [-2.1.3.18185-0.ds1-11+b1),-] {+2.1.3.18185-0.ds1-11+squeeze1),+} netbase, firebird2.1-server-common (= [-2.1.3.18185-0.ds1-11+b1),-] {+2.1.3.18185-0.ds1-11+squeeze1),+} openbsd-inetd | inet-superserver, debconf (>= 0.5) | debconf-2.0, debconf (>= 1.4.69) | cdebconf (>= 0.43), firebird2.1-common-doc (= [-2.1.3.18185-0.ds1-11)-] {+2.1.3.18185-0.ds1-11+squeeze1)+}
Installed-Size: [-3712-] {+3596+}
Source: firebird2.1 [-(2.1.3.18185-0.ds1-11)-]
Version: [-2.1.3.18185-0.ds1-11+b1-] {+2.1.3.18185-0.ds1-11+squeeze1+}

Control files of package firebird2.1-common: lines which differ (wdiff format)
------------------------------------------------------------------------------
Depends: libc6 (>= 2.3), libgcc1 (>= 1:4.1.1), libicu44 (>= 4.4.1-1), libstdc++6 (>= 4.1.1), firebird2.1-common-doc (= [-2.1.3.18185-0.ds1-11)-] {+2.1.3.18185-0.ds1-11+squeeze1)+}
Installed-Size: [-1404-] {+1312+}
Source: firebird2.1 [-(2.1.3.18185-0.ds1-11)-]
Version: [-2.1.3.18185-0.ds1-11+b1-] {+2.1.3.18185-0.ds1-11+squeeze1+}

Control files of package firebird2.1-common-doc: lines which differ (wdiff format)
----------------------------------------------------------------------------------
Installed-Size: [-596-] {+580+}
Version: [-2.1.3.18185-0.ds1-11-] {+2.1.3.18185-0.ds1-11+squeeze1+}

Control files of package firebird2.1-dev: lines which differ (wdiff format)
---------------------------------------------------------------------------
Depends: libfbclient2 (>= 2.1), firebird2.1-common-doc (= [-2.1.3.18185-0.ds1-11)-] {+2.1.3.18185-0.ds1-11+squeeze1)+}
Installed-Size: [-332-] {+316+}
Version: [-2.1.3.18185-0.ds1-11-] {+2.1.3.18185-0.ds1-11+squeeze1+}

Control files of package firebird2.1-doc: lines which differ (wdiff format)
---------------------------------------------------------------------------
Depends: firebird2.1-common-doc (= [-2.1.3.18185-0.ds1-11)-] {+2.1.3.18185-0.ds1-11+squeeze1)+}
Installed-Size: [-1456-] {+1424+}
Version: [-2.1.3.18185-0.ds1-11-] {+2.1.3.18185-0.ds1-11+squeeze1+}

Control files of package firebird2.1-examples: lines which differ (wdiff format)
--------------------------------------------------------------------------------
Depends: firebird2.1-common-doc (= [-2.1.3.18185-0.ds1-11)-] {+2.1.3.18185-0.ds1-11+squeeze1)+}
Installed-Size: [-312-] {+304+}
Version: [-2.1.3.18185-0.ds1-11-] {+2.1.3.18185-0.ds1-11+squeeze1+}

Control files of package firebird2.1-server-common: lines which differ (wdiff format)
-------------------------------------------------------------------------------------
Depends: adduser, firebird2.1-common-doc (= [-2.1.3.18185-0.ds1-11)-] {+2.1.3.18185-0.ds1-11+squeeze1)+}
Installed-Size: [-1692-] {+1580+}
Source: firebird2.1 [-(2.1.3.18185-0.ds1-11)-]
Version: [-2.1.3.18185-0.ds1-11+b1-] {+2.1.3.18185-0.ds1-11+squeeze1+}

Control files of package firebird2.1-super: lines which differ (wdiff format)
-----------------------------------------------------------------------------
Depends: libc6 (>= 2.3.2), libedit2 (>= 2.11-20080614-1), libfbclient2 (>= 2.5.0.25784~ReleaseCandidate1.ds2), libgcc1 (>= 1:4.1.1), libicu44 (>= 4.4.1-1), libstdc++6 (>= 4.1.1), firebird2.1-common (= [-2.1.3.18185-0.ds1-11+b1),-] {+2.1.3.18185-0.ds1-11+squeeze1),+} firebird2.1-server-common (= [-2.1.3.18185-0.ds1-11+b1),-] {+2.1.3.18185-0.ds1-11+squeeze1),+} lsb-base, debconf (>= 0.5) | debconf-2.0, debconf (>= 1.4.69) | cdebconf (>= 0.43), firebird2.1-common-doc (= [-2.1.3.18185-0.ds1-11)-] {+2.1.3.18185-0.ds1-11+squeeze1)+}
Installed-Size: [-7132-] {+7012+}
Source: firebird2.1 [-(2.1.3.18185-0.ds1-11)-]
Version: [-2.1.3.18185-0.ds1-11+b1-] {+2.1.3.18185-0.ds1-11+squeeze1+}

Control files of package libfbembed2.1: lines which differ (wdiff format)
-------------------------------------------------------------------------
Depends: libc6 (>= 2.3), libgcc1 (>= 1:4.1.1), libicu44 (>= 4.4.1-1), libstdc++6 (>= 4.1.1), firebird2.1-common (= [-2.1.3.18185-0.ds1-11+b1),-] {+2.1.3.18185-0.ds1-11+squeeze1),+} firebird2.1-server-common (= [-2.1.3.18185-0.ds1-11+b1),-] {+2.1.3.18185-0.ds1-11+squeeze1),+} firebird2.1-common-doc (= [-2.1.3.18185-0.ds1-11)-] {+2.1.3.18185-0.ds1-11+squeeze1)+}
Installed-Size: [-3464-] {+3436+}
Source: firebird2.1 [-(2.1.3.18185-0.ds1-11)-]
Version: [-2.1.3.18185-0.ds1-11+b1-] {+2.1.3.18185-0.ds1-11+squeeze1+}

signature.asc
Description: Digital signature

Bug#702735: firebird2.1: CVE-2013-2492: Request Processing Buffer Overflow Vulnerability

Reply via email to