CVE-2017-6369
Published: 24 March 2017
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.
From the Ubuntu Security Team
It was discovered that Firebird exposed certain UDF libraries. An authenticated attacker could use this issue to execute arbitrary code.
Priority
Status
Package | Release | Status |
---|---|---|
firebird2.5 (Launchpad, Ubuntu, Debian) | artful | Does not exist |
firebird2.5 | bionic | Does not exist |
firebird2.5 | cosmic | Does not exist |
firebird2.5 | disco | Does not exist |
firebird2.5 | eoan | Does not exist |
firebird2.5 | focal | Does not exist |
firebird2.5 | groovy | Does not exist |
firebird2.5 | hirsute | Does not exist |
firebird2.5 | impish | Does not exist |
firebird2.5 | jammy | Does not exist |
firebird2.5 | precise | Ignored (end of life) |
firebird2.5 | trusty | Released (2.5.2.26540.ds4-9ubuntu1.1) |
firebird2.5 | upstream | Needs triage |
firebird2.5 | xenial | Released (2.5.4.26856.ds4-1ubuntu0.1~esm1), Available with Ubuntu Pro |
firebird2.5 | yakkety | Ignored (end of life) |
firebird2.5 | zesty | Does not exist |
firebird3.0 (Launchpad, Ubuntu, Debian) | artful | Ignored (end of life) |
firebird3.0 | bionic | Not vulnerable (3.0.2.32703.ds4-11ubuntu2) |
firebird3.0 | cosmic | Not vulnerable (3.0.2.32703.ds4-11ubuntu2) |
firebird3.0 | disco | Not vulnerable (3.0.2.32703.ds4-11ubuntu2) |
firebird3.0 | eoan | Not vulnerable (3.0.2.32703.ds4-11ubuntu2) |
firebird3.0 | focal | Not vulnerable (3.0.2.32703.ds4-11ubuntu2) |
firebird3.0 | groovy | Not vulnerable (3.0.2.32703.ds4-11ubuntu2) |
firebird3.0 | hirsute | Not vulnerable (3.0.2.32703.ds4-11ubuntu2) |
firebird3.0 | impish | Not vulnerable (3.0.2.32703.ds4-11ubuntu2) |
firebird3.0 | jammy | Not vulnerable (3.0.2.32703.ds4-11ubuntu2) |
firebird3.0 | precise | Does not exist |
firebird3.0 | trusty | Does not exist |
firebird3.0 | upstream | Released (3.0.1.32609.ds4-14) |
firebird3.0 | xenial | Does not exist |
firebird3.0 | yakkety | Does not exist |
firebird3.0 | zesty | Ignored (end of life) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |