CVE-2009-2620
Firebird SQL 1.5-1.5.5, 2.0-2.0.5, 2.1-2.1.2, 2.5 Beta 1 - Denial of Service via Malformed op_connect_request Message
Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-2620. PoCs published by Core Security.
AI-analyzed exploit summary: This is a detailed advisory and technical analysis of CVE-2009-2620, a denial of service vulnerability in Firebird SQL. The vulnerability allows a remote attacker to shut down the main listener socket by sending an unexpected 'op_connect_request' message with invalid data.
Description
src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference.