Firebird SQL Server for Linux 2.5.x < 2.5.7 / 3.0.x < 3.0.2 UDF Libraries RCE
Severity: Medium. Nessus Plugin ID 99132
Synopsis: A database server installed on the remote host is affected by a remote code execution vulnerability.
Description: The version of Firebird SQL Server for Linux installed on the remote host is 2.5.x prior to 2.5.7 or 3.0.x prior to 3.0.2. It is, therefore, affected by a flaw in the UDF component: the server does not sufficiently restrict which symbols may be used as the entry point of an external function declared against a UDF library, so symbols reachable through the library that are not its own exported UDFs can be bound. An authenticated, remote attacker can exploit this by declaring an external function whose entry point is 'system' in fbudf.so and then calling it, executing arbitrary commands in the context of the Firebird server process.
Solution: Upgrade to Firebird SQL Server version 2.5.7 / 3.0.2 or later. Where the upgrade cannot be applied immediately, setting UdfAccess = None in firebird.conf stops the server from loading UDF libraries at all; this blocks the attack path but does not correct the flawed entry-point check, so the upgrade is still required. Existing databases should also be audited for external function declarations whose entry point is not a legitimate UDF export.
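The two checks a practitioner would want from this advisory, as an added example that is not part of the Nessus plugin or of Firebird itself: the version-range test the plugin describes (2.5.x below 2.5.7, 3.0.x below 3.0.2) and an audit of declared external functions for the 'system' entry point named in the description. The version parser assumes a string containing an x.y.z version, such as the "LI-V2.5.6.27020" build string isql prints; the audit input is constructed sample rows shaped like the RDB$FUNCTION_NAME, RDB$MODULE_NAME and RDB$ENTRYPOINT columns of RDB$FUNCTIONS, not data from a real server.

```python
"""Version check and UDF audit for the Firebird UDF RCE advisory above.

Added example, not code from the Nessus plugin or the Firebird project.
"""
import re

# Fixed releases stated in the advisory, keyed by (major, minor) branch.
FIXED = {
    (2, 5): (2, 5, 7),
    (3, 0): (3, 0, 2),
}

# Entry point the advisory names. Extending this set to other libc
# symbols is the reader's choice; the page only documents 'system'.
SUSPECT_ENTRY_POINTS = {"system"}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the first x.y.z version from a string (assumed input format,
    e.g. '2.5.6' or the isql build string 'LI-V2.5.6.27020')."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_vulnerable(text):
    """True when the version falls in a branch this advisory covers and is
    below the fixed release for that branch. Other branches return False
    because the advisory says nothing about them, not because they are safe."""
    major, minor, patch = parse_version(text)
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return False
    return (major, minor, patch) < fixed


def suspicious_udfs(rows):
    """Return the names of external functions whose entry point is in
    SUSPECT_ENTRY_POINTS.

    rows: iterable of (RDB$FUNCTION_NAME, RDB$MODULE_NAME, RDB$ENTRYPOINT).
    RDB$ columns are blank-padded CHAR, so values are stripped before use.
    A NULL module name means a PSQL function, which has no entry point.
    """
    hits = []
    for name, module, entry in rows:
        if module is None or entry is None:
            continue
        if entry.strip().lower() in SUSPECT_ENTRY_POINTS:
            hits.append(name.strip())
    return hits


# Constructed sample rows; a legitimate fbudf export beside an abusive one.
SAMPLE_ROWS = [
    ("ADDDAY        ", "fbudf", "addDay"),
    ("RUNCMD        ", "fbudf", "system"),
    ("MYPSQL        ", None, None),
]


if __name__ == "__main__":
    for banner in ("LI-V2.5.6.27020 Firebird 2.5", "3.0.2", "3.0.1"):
        print(banner, "->", "vulnerable" if is_vulnerable(banner) else "not in range")
    print("suspicious external functions:", suspicious_udfs(SAMPLE_ROWS))
```

On a live server the rows would come from `SELECT RDB$FUNCTION_NAME, RDB$MODULE_NAME, RDB$ENTRYPOINT FROM RDB$FUNCTIONS` run as SYSDBA; the version banner from `isql` or the server log. A hit from `suspicious_udfs` means the database already contains a declaration that the patched server will refuse to bind, and it should be dropped rather than carried forward through the upgrade.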