PublicDateAtUSN: 2017-03-24
Candidate: CVE-2017-6369
PublicDate: 2017-03-24 10:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6369
 http://tracker.firebirdsql.org/browse/CORE-5474
 https://ubuntu.com/security/notices/USN-3929-1
Description:
 Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.
Ubuntu-Description:
 It was discovered that Firebird exposed certain UDF libraries. An authenticated attacker could use this issue to execute arbitrary code.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_firebird2.5:
upstream_firebird2.5: needs-triage
precise_firebird2.5: ignored (reached end-of-life)
precise/esm_firebird2.5: DNE (precise was needed)
trusty_firebird2.5: released (2.5.2.26540.ds4-9ubuntu1.1)
trusty/esm_firebird2.5: released (2.5.2.26540.ds4-9ubuntu1.1)
vivid/stable-phone-overlay_firebird2.5: DNE
vivid/ubuntu-core_firebird2.5: DNE
xenial_firebird2.5: ignored (end of standard support, was needed)
yakkety_firebird2.5: ignored (reached end-of-life)
zesty_firebird2.5: DNE
artful_firebird2.5: DNE
bionic_firebird2.5: DNE
cosmic_firebird2.5: DNE
disco_firebird2.5: DNE
eoan_firebird2.5: DNE
focal_firebird2.5: DNE
groovy_firebird2.5: DNE
hirsute_firebird2.5: DNE
impish_firebird2.5: DNE
jammy_firebird2.5: DNE
devel_firebird2.5: DNE

Patches_firebird3.0:
upstream_firebird3.0: released (3.0.1.32609.ds4-14)
precise_firebird3.0: DNE
precise/esm_firebird3.0: DNE
trusty_firebird3.0: DNE
trusty/esm_firebird3.0: DNE
vivid/stable-phone-overlay_firebird3.0: DNE
vivid/ubuntu-core_firebird3.0: DNE
xenial_firebird3.0: DNE
yakkety_firebird3.0: DNE
zesty_firebird3.0: ignored (reached end-of-life)
artful_firebird3.0: ignored (reached end-of-life)
bionic_firebird3.0: not-affected (3.0.2.32703.ds4-11ubuntu2)
cosmic_firebird3.0: not-affected (3.0.2.32703.ds4-11ubuntu2)
disco_firebird3.0: not-affected (3.0.2.32703.ds4-11ubuntu2)
eoan_firebird3.0: not-affected (3.0.2.32703.ds4-11ubuntu2)
focal_firebird3.0: not-affected (3.0.2.32703.ds4-11ubuntu2)
groovy_firebird3.0: not-affected (3.0.2.32703.ds4-11ubuntu2)
hirsute_firebird3.0: not-affected (3.0.2.32703.ds4-11ubuntu2)
impish_firebird3.0: not-affected (3.0.2.32703.ds4-11ubuntu2)
jammy_firebird3.0: not-affected (3.0.2.32703.ds4-11ubuntu2)
devel_firebird3.0: not-affected (3.0.2.32703.ds4-11ubuntu2)