Debian LTS: Security Advisory for firebird2.5 (DLA-2129-1)

Published: 2020-03-01 04:00:15
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Summary:
The remote host is missing an update for the 'firebird2.5' Linux Distribution Package(s) announced via the DLA-2129-1 advisory.

Detection Method:
Checks if a vulnerable Linux Distribution Package version is present on the target host.

Technical Details:
An issue has been found in firebird2.5, an RDBMS based on InterBase 6.0. Because UDFs can be used for remote authenticated code execution (as user firebird), UDFs have been disabled in the default configuration, which will be used for new installations. Existing configurations are not changed; for those, the change must be made manually.

Affected Versions:
'firebird2.5' Linux Distribution Package(s) on Debian Linux.

Recommendations:
For Debian 8 'Jessie', this problem has been fixed in version 2.5.3.26778.ds4-5+deb8u2. We recommend that you upgrade your firebird2.5 Linux Distribution Packages.

Solution Type:
Vendor Patch

Detection Type:
Linux Distribution Package

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2017-11509

References:

https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html
https://security-tracker.debian.org/tracker/DLA-2129-1

Severity:
High

CVSS Score:
9.0
