CVE-2017-6369

Published: 24/03/2017 Updated: 03/10/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Insufficient checks in the UDF subsystem in Firebird 2.5.x prior to 2.5.7 and 3.0.x prior to 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.

Vulnerable Product

firebirdsql firebird 2.5.3

firebirdsql firebird 2.5.5

firebirdsql firebird 2.5.6

firebirdsql firebird 2.5.4

firebirdsql firebird 2.5.1

firebirdsql firebird 2.5.2

firebirdsql firebird 3.0.1

firebirdsql firebird 3.0

Vendor Advisories

Debian Bug report logs - #858641 CVE-2017-6369: authenticated remote execution in firebird 2.5 before version 2.5.7. Packages: firebird2.5-super, firebird2.5-classic-common; Maintainer for firebird2.5-super is Debian Firebird Group <pkg-firebird-general@lists.alioth.debian.org>; Source for firebird2.5-super is src:firebird2.5 (PTS, b ...
Several security issues were fixed in Firebird ...
George Noseevich discovered that firebird2.5, a relational database system, did not properly check User-Defined Functions (UDF), thus allowing remote authenticated users to execute arbitrary code on the firebird server. For the stable distribution (jessie), this problem has been fixed in version 2.5.3.26778.ds4-5+deb8u1. We recommend that you upgra ...