Missing Authorization in Firebird - CVE-2017-6369

 


Published: March 24, 2017 / Updated: August 8, 2020


Vulnerability identifier: #VU39386
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-6369
CWE-ID: CWE-862
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: firebird.sourceforge.net
Affected software:
Firebird

Detailed vulnerability description

The vulnerability allows a remote authenticated user to execute arbitrary code.

Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.


How to mitigate CVE-2017-6369

Install the update from the vendor's website.
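The following added example (not part of the original advisory or of Firebird itself) checks a server version string against the fixed releases named above and flags UDF declarations that point at the 'system' entrypoint in fbudf. It assumes version banners of the form `LI-V3.0.1.32609 Firebird 3.0` and rows read from the `RDB$FUNCTIONS` system table (`RDB$FUNCTION_NAME`, `RDB$MODULE_NAME`, `RDB$ENTRYPOINT`); the function names, banners and sample rows are constructed for illustration.

```python
import re

# Fixed releases named in the advisory: 2.5.7 for 2.5.x, 3.0.2 for 3.0.x.
FIXED_PATCH = {(2, 5): 7, (3, 0): 2}

def parse_version(text):
    """Return (major, minor, patch) from e.g. 'LI-V3.0.1.32609 Firebird 3.0' or '2.5.6'."""
    m = re.search(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g) for g in m.groups())

def is_affected(text):
    major, minor, patch = parse_version(text)
    fixed = FIXED_PATCH.get((major, minor))
    # Branches other than 2.5.x and 3.0.x are outside what the advisory covers.
    return fixed is not None and patch < fixed

def suspicious_udfs(rows):
    """rows: (function_name, module_name, entrypoint) as read from RDB$FUNCTIONS."""
    hits = []
    for name, module, entry in rows:
        # Values may be NULL (PSQL functions) or space padded.
        module = (module or "").strip().lower()
        entry = (entry or "").strip()
        base = re.split(r"[\\/]", module)[-1]
        base = re.sub(r"\.(so|dll)$", "", base)
        if base == "fbudf" and entry == "system":
            hits.append(name.strip())
    return hits

# Constructed sample data, not taken from a real server.
SAMPLE_ROWS = [
    ("INVL   ", "fbudf", "idNvl"),
    ("X_RUN  ", "fbudf.so", "system "),
    ("MY_PSQL_FUNC", None, None),
]

if __name__ == "__main__":
    # Constructed banners; the build numbers are illustrative.
    for banner in ("LI-V3.0.1.32609 Firebird 3.0", "WI-V2.5.7.27050 Firebird 2.5"):
        print(banner, "->", "affected" if is_affected(banner) else "not affected")
    print("flagged UDFs:", suspicious_udfs(SAMPLE_ROWS))
```

A flagged row on a server that was running an affected version is worth investigating as a possible sign of earlier abuse, not just a reason to patch.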
