Firebird fbudf Module Authenticated Remote Code Execution

Here is the description for CVE-2017-11509
An authenticated remote attacker can execute arbitrary code in Firebird SQL
Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement. The
only known solution is to disable external UDF libraries from being loaded. In
order to achieve this, the default configuration has changed to UdfAccess=None.

This will prevent the fbudf module from being loaded, but may also break other
functionality relying on modules.

Here is the Debian security page with the issue : CVE-2017-11509
And here is the original report https://www.tenable.com/security/research/tra-2017-36

1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00 out of 5)
Loading...

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.