Lucene search
HistoryMay 12, 2008 - 4:20 p.m.
CVE-2008-1880
firebird
gentoo linux
remote attackers
sysdba authentication
cve-2008-1880
nvd
6.6 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.011 Low
EPSS
Percentile
84.0%
The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password.
| CPE | Name | Operator | Version |
|---|---|---|---|
| firebird:firebird | firebird | le | 2.0.3.12981.0 |
Related
ubuntucve
ubuntucve
CVE-2008-1880
2008-05-12 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200805-06 (firebird)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200805-06 (firebird)
2008-09-24 00:00:00
nessus
nessus
Firebird on Gentoo Linux /etc/conf.d/firebird Invocation ISC_PASSWORD Authentication Bypass
2008-05-14 00:00:00
GLSA-200805-06 : Firebird: Data disclosure
2008-05-11 00:00:00
prion
prion
Default configuration
2008-05-12 16:20:00
seebug
seebug
Firebird ISC_PASSWORD环境变量非授权访问漏洞
2008-05-14 00:00:00
gentoo
gentoo
Firebird: Data disclosure
2008-05-09 00:00:00
6.6 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.011 Low
EPSS
Percentile
84.0%
Related for CVE-2008-1880