Firebird fbudf Module Authenticated Remote Code Execution
Here is the description for CVE-2017-11509
An authenticated remote attacker can execute arbitrary code in Firebird SQL
Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement. The
only known solution is to disable external UDF libraries from being loaded. In
order to achieve this, the default configuration has changed to UdfAccess=None.
This will prevent the fbudf module from being loaded, but may also break other
functionality relying on modules.
Here is the Debian security page with the issue : CVE-2017-11509
And here is the original report https://www.tenable.com/security/research/tra-2017-36