Subject | Re: Vulnerability and Fix?? |
---|---|
Author | PRoyston |
Post date | 2008-03-28T04:45:38Z |
--- In firebird-support@yahoogroups.com, Helen Borrie <helebor@...> >
> >I asked about firebird launching cmd.exe last week, but got no
> >response. This exploit was used to compromise one of our production
> >servers. We are using Firebird 1.5.5.
>
> Fixed in 1.5.5. Did your exploit occur before or after upgrading to
> 1.5.5? Did you update the client library in all places?
>
Yes, I double checked the fbclient.dll and the gds32.dll they are all
up to date (1.5.5). This definitely happened after upgrading to 1.5.5
(and before). In fact today we had it happen on a server which
typically gets far less traffic. I am pretty sure it is an external
source sending data because we are having it hit 2 servers with near
identical IP addresses within seconds of each other. Typically it just
causes our FB server to go dead and refuse connections and we have to
reboot.
I will be moving the FB port to something other than 3050 and upgrading
to 2.03 as soon as it can be done safely. (I have a lot of SQL to
verify against 2.03.)