[Bug 1215336] [NEW] Possible core using FreeTDS
Frediano Ziglio
frediano.ziglio at citrix.com
Thu Aug 22 09:28:17 UTC 2013
*** This bug is a security vulnerability ***
Public security bug reported:
We discovered a bug in FreeTDS up to version 0.91 (the last stable released version).
If you connect to different servers (like MySQL) is possible to cause a core.
As usual server information are usually constant it's hard to use this to get a server DoS but it's still possible.
The patch is at
http://gitorious.org/freetds/freetds/commit/748aa264f71aeca777b026f62ff3ce015c7aa682.
Original bug reported by Ramiro Morales in
http://lists.ibiblio.org/pipermail/freetds/2013q3/028461.html. Details
of problem and fix at
http://lists.ibiblio.org/pipermail/freetds/2013q3/028462.html.
** Affects: freetds (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to freetds in Ubuntu.
https://bugs.launchpad.net/bugs/1215336
Title:
Possible core using FreeTDS
Status in “freetds” package in Ubuntu:
New
Bug description:
We discovered a bug in FreeTDS up to version 0.91 (the last stable released version).
If you connect to different servers (like MySQL) is possible to cause a core.
As usual server information are usually constant it's hard to use this to get a server DoS but it's still possible.
The patch is at
http://gitorious.org/freetds/freetds/commit/748aa264f71aeca777b026f62ff3ce015c7aa682.
Original bug reported by Ramiro Morales in
http://lists.ibiblio.org/pipermail/freetds/2013q3/028461.html. Details
of problem and fix at
http://lists.ibiblio.org/pipermail/freetds/2013q3/028462.html.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freetds/+bug/1215336/+subscriptions
More information about the foundations-bugs
mailing list