PT-2017-3824 · Firebird+2

Published 2017-03-24 · Updated 2025-10-10 · CVE-2017-6369

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Firebird versions 2.5.x through 2.5.6
Firebird versions 3.0.x through 3.0.1

Description

Insufficient checks in the UDF subsystem allow remote authenticated users to execute code. This can be achieved by using a 'system' entrypoint from fbudf.so. The vulnerability is associated with errors in executing user-defined functions (UDF) in database management systems.

Recommendations

For Firebird versions 2.5.x through 2.5.6, update to version 2.5.7 or later.
For Firebird versions 3.0.x through 3.0.1, update to version 3.0.2 or later.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

BDU:2019-03693
CVE-2017-6369
DLA-879-1
DSA-3824-1
SUSE-SU-2017:1156-1
SUSE-SU-2017_1156-1
USN-3929-1
USN-4822-1

Affected Products

Firebird
Suse
Ubuntu