Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:3283
HistoryMay 14, 2008 - 12:00 a.m.

Firebird ISC_PASSWORD环境变量非授权访问漏洞

2008-05-1400:00:00
Root
www.seebug.org
16

0.011 Low

EPSS

Percentile

82.5%

JSON

BUGTRAQ ID: 29123
CVE(CAN) ID: CVE-2008-1880

Firebird是一款提供多个ANSI SQL-92功能的关系型数据库,可运行在Linux、Windows和各种Unix平台下

Gentoo的init脚本(/etc/conf.d/firebird)在启动Firebird时默认会设置ISC_PASSWORD环境变量,当以SYSDBA用户身份连接的客户端没有提供口令时会使用这个变量,这允许远程攻击者无需提供凭据便认证为SYSDBA用户,访问除用户和口令数据库之外的整个数据库。

Firebird 2.0.3.12981.0
Gentoo

Gentoo已经为此发布了一个安全公告(GLSA-200805-06)以及相应补丁:
GLSA-200805-06:Firebird: Data disclosure
链接:<a href=“http://security.gentoo.org/glsa/glsa-200805-06.xml” target=“_blank”>http://security.gentoo.org/glsa/glsa-200805-06.xml</a>

所有Firebird用户都应升级到最新版本:

# emerge --sync
# emerge --ask --oneshot -v &quot;&gt;=dev-db/firebird-2.0.3.12981.0-r6&quot;

Related

openvas 2
ubuntucve 1
gentoo 1
nessus 2
prion 1
cvelist 1
cve 1
openvas
openvas
Gentoo Security Advisory GLSA 200805-06 (firebird)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200805-06 (firebird)
2008-09-24 00:00:00
ubuntucve
ubuntucve
CVE-2008-1880
2008-05-12 00:00:00
gentoo
gentoo
Firebird: Data disclosure
2008-05-09 00:00:00
nessus
nessus
GLSA-200805-06 : Firebird: Data disclosure
2008-05-11 00:00:00
Firebird on Gentoo Linux /etc/conf.d/firebird Invocation ISC_PASSWORD Authentication Bypass
2008-05-14 00:00:00
prion
prion
Default configuration
2008-05-12 16:20:00
cvelist
cvelist
CVE-2008-1880
2008-05-12 16:00:00
cve
cve
CVE-2008-1880
2008-05-12 16:20:00

0.011 Low

EPSS

Percentile

82.5%

JSON
Related for SSV:3283
openvas2ubuntucve1gentoo1nessus2prion1cvelist1cve1