firebird2.0 security bug is now fixed in debian/gentoo

There is an grave security bug in firebird package 2.0 from debian and ubuntu
where an user can connect to the server with SYSDBA and NO password

The bug is now fixed in debian sid (unstable)

http://packages.debian.org/sid/firebird2.0-super
and here is the changelog

firebird2.0-super.init: stop exporting ISC_USER and ISC_PASSWORD.
Fixes a hole causing remote connections as user SYSDBA to succeed
without giving a password.
Closes: #481389 and CVE-2008-1880

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

New Firebird packages fix several vulnerabilities in debian

This Debian security advisory is a bit unusual. While it’s normally
our strict policy to backport security bugfixes to older releases, this
turned out to be infeasible for Firebird 1.5 due to large infrastructural
changes necessary to fix these issues. As a consequence security support
for Firebird 1.5 is hereby discontinued, leaving two options to
administrators running a Firebird database:

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...
1 6 7 8 9