CVE-2017-11509

Опубликовано: 28 мар. 2018

Источник: debian

EPSS Низкий

Описание

An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.

Пакет	Статус	Версия исправления	Релиз	Тип
firebird3.0	fixed	3.0.3.32900.ds4-3		package
firebird2.5	removed			package

https://www.tenable.com/security/research/tra-2017-36
https://github.com/FirebirdSQL/firebird/issues/5787
Firebird upstream responded to Tenable the issue is not intended to be addressed
in "any current release".
Issue adressed by disabling UDFs in firebird.conf, this is not a source code fix,
and might actually be considered more of just a mitigation.
Steps to reproduce (partly) in: https://lists.debian.org/874lk9wyz5.fsf@curie.anarc.at

EPSS

Процентиль: 92%

0.08469

Низкий

CVE-2017-11509

CVSS3: 8.8

ubuntu

почти 8 лет назад

An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.

CVE-2017-11509

CVSS3: 8.8

redhat

около 8 лет назад

An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.

CVE-2017-11509

CVSS3: 8.8

nvd

почти 8 лет назад

An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.

SUSE-SU-2025:03095-1

suse-cvrf

5 месяцев назад

Security update for firebird

GHSA-6pp2-h2x8-7cp5

CVSS3: 8.8

github

больше 3 лет назад

An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.

EPSS

Процентиль: 92%

0.08469

Низкий