CVE-2017-6369 — Missing Authorization in Firebird

CWE-862 — Missing Authorization11 documents7 sources

Severity

8.8HIGHNVD

OSV5.0

EPSS

8.9%

top 7.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Firebirdsql Firebird

Timeline

PublishedMar 24

Latest updateMay 13

Description

Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDfirebirdsql/firebird2.5.0 — 2.5.7+1

🔴Vulnerability Details

GHSA

GHSA-vf42-c4fw-rcm3: Insufficient checks in the UDF subsystem in Firebird 2↗2022-05-13

▶

OSV

firebird2.5 vulnerabilities↗2019-04-02

▶

OSV

CVE-2017-6369: Insufficient checks in the UDF subsystem in Firebird 2↗2017-03-24

▶

CVEList

CVE-2017-6369: Insufficient checks in the UDF subsystem in Firebird 2↗2017-03-24

▶

📋Vendor Advisories

Ubuntu

Firebird vulnerability↗2021-03-15

▶

Ubuntu

Firebird vulnerabilities↗2019-04-02

▶

Debian

CVE-2017-6369: firebird3.0 - Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0....↗2017

▶

💬Community

Bugzilla

CVE-2017-6369 firebird: Access to undesired external modules during 'Restrict' configuration mode [epel-all]↗2017-02-21

▶

Bugzilla

CVE-2017-6369 firebird: Access to undesired external modules during 'Restrict' configuration mode↗2017-02-21

▶

Bugzilla

CVE-2017-6369 firebird: Access to undesired external modules during 'Restrict' configuration mode [fedora-all]↗2017-02-21

▶