Firebird security bug fixed in gentoo linux

Firebird allows remote connections to the administrative account without verifying credentials.

The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1880

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Leave a Reply