[Bug 1835896] Re: Heap overflow if UDT type is used with protocol 5.0
Alex Murray
alex.murray at canonical.com
Thu Oct 17 03:59:57 UTC 2019
This is already public as per
https://bugzilla.redhat.com/show_bug.cgi?id=1736255 and
https://bugzilla.novell.com/show_bug.cgi?id=1141132 so marking this bug
public too.
** Bug watch added: Red Hat Bugzilla #1736255
https://bugzilla.redhat.com/show_bug.cgi?id=1736255
** Bug watch added: Novell/SUSE Bugzilla #1141132
https://bugzilla.novell.com/show_bug.cgi?id=1141132
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to freetds in Ubuntu.
https://bugs.launchpad.net/bugs/1835896
Title:
Heap overflow if UDT type is used with protocol 5.0
Status in freetds package in Ubuntu:
New
Bug description:
Description of problem:
A malicious server could cause heap overflow.
This can happens if server cause a downgrade to protocol 5.0 and send a UDT type.
This does not apply to a specific Ubuntu version. FreeTDS version from 0.95 are affected so all versions distributed with recent Ubuntu.
How reproducible:
You need to write a malicious server doing downgrade and sending the UDT type.
Actual results:
Heap overflow
Expected results:
Type handled correctly or disconnection due to invalid protocol.
Additional info:
This was reported by Felix Wilhelm from the Google Security Team.
This is fixed by https://github.com/FreeTDS/freetds/commit/0df4eb82a0e3ff844e373d7c9f9c6c813925e2ac
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freetds/+bug/1835896/+subscriptions
More information about the foundations-bugs
mailing list