On Mon, 13 Jul 2015 13:56:04 +0100, "Nick Upson [email protected] [firebird-support]" <[email protected]> wrote: > Hi > > firebird 2.1 centos, I have systems in a company who are scanning with > nessus and this causes the firebird log below. Although they do not have > access to the database I'm concerned what is happening. Has anyone seen > this before? Can I avoid it? > > > gaxgpap345vu Sun Jul 12 17:27:11 2015 > INET/inet_error: read errno = 104 > > > gaxgpap345vu Sun Jul 12 17:27:14 2015 > *** DUMP *** > > > gaxgpap345vu Sun Jul 12 17:27:14 2015 > Tag=-1 Offset=13 Length=26 Eof=0 > > > > gaxgpap345vu Sun Jul 12 17:27:14 2015 > Clump 1 at offset 0: SCAN CHECK<04> > > > gaxgpap345vu Sun Jul 12 17:27:14 2015 > Fatal exception during clumplet dump: Invalid clumplet buffer > structure: buffer end before end of clumplet - clumplet too long > > > gaxgpap345vu Sun Jul 12 17:27:14 2015 > Plain dump starting with offset 13: <0a>nessusscan<06><00>
Whether you should be worried depends on your Firebird version. There are some vulnerabilities that can crash the server in some versions of Firebird even when not authenticate (I don't recall if there are exploits that can get data unauthenticated). These known vulnerabilities is what Nessus scans for. To authenticate with the server, the client first needs to communicate with the server. If this handshake is not programmed correctly, then it could be vulnerable to crashing the server (or worse), and that has happened in the past. Firebird logs that it received information that it didn't grok and that is a good thing! Mark
