Firebird SQL Server for Linux 2.5.x < 2.5.7 / 3.0.x < 3.0.2 UDF Libraries RCE

Medium Nessus Plugin ID 99132


A database server installed on the remote host is affected by a remote code execution vulnerability.


The version of Firebird SQL Server for Linux installed on the remote host is 2.5.x prior to 2.5.7 or 3.0.x prior to 3.0.2. It is, therefore, affected by a flaw in the UDF component due to insufficient restrictions on access to external functions by the symbols of the UDF library. An authenticated, remote attacker can exploit this issue, via a 'system' entry point from, to execute arbitrary code in the context of the Firebird server process.


Upgrade to Firebird SQL Server version 2.5.7 / 3.0.2 or later.

See Also

Plugin Details

Severity: Medium

ID: 99132

File Name: firebird_CVE-2017-6369.nasl

Version: 1.5

Type: local

Family: General

Published: 2017/03/31

Updated: 2018/07/12

Dependencies: 99133, 80103

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:firebirdsql:firebird

Required KB Items: installed_sw/Firebird SQL Server

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2017/02/17

Vulnerability Publication Date: 2017/02/01

Reference Information

CVE: CVE-2017-6369

BID: 97070

IAVB: 2017-B-0039