Firebird security bug fixed in gentoo linux

May 13, 2008 mariuz Leave a comment

Firebird allows remote connections to the administrative account without verifying credentials.

The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1880

tagged with firebird, gentoo, linux

Firebird security bug fixed in gentoo linux

Leave a Reply Cancel reply