Subject | Re: [firebird-support] Re: Vulnerability and Fix?? |
---|---|
Author | Helen Borrie |
Post date | 2008-03-31T23:06:08Z |
At 07:45 AM 1/04/2008, you wrote:
>PRoyston wrote:
> > --- In firebird-support@yahoogroups.com, Helen Borrie <helebor@...> >
> >>> ...
> >> Fixed in 1.5.5. Did your exploit occur before or after upgrading to
> > 1.5.5? Did you update the client library in all places?
> >
> > Yes, I double checked the fbclient.dll and the gds32.dll they are all
> > up to date (1.5.5). This definitely happened after upgrading to 1.5.5
> > (and before). In fact today we had it happen on a server which
> > typically gets far less traffic. I am pretty sure it is an external
> > source sending data because we are having it hit 2 servers with near
> > identical IP addresses within seconds of each other. Typically it just
> > causes our FB server to go dead and refuse connections and we have to
> > reboot.
> >
>
>If this really wasn't fixed in 1.5.5 - I don't suppose there will be
>a solution except moving to 2.x ?

Hmmm, it's the same fix. Causing the server to refuse connections with over-length strings was the objective...so he should be seeing exception messages and log entries.

I suggest making a well-described test case, including full environment details, exception messages reported and log excerpts, and posting to Tracker.
./heLen