Home

CVE-2017-6369

Description

Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a system entrypoint from fbudf.so.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
8.854

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2012-5529,CVE-2013-2492,CVE-2017-6369 are affected in Firebird 2.5.1Windows
Vulnerabilities CVE-2013-2492,CVE-2017-6369 are affected in Firebird 2.5.2Windows
Vulnerabilities CVE-2013-2492,CVE-2017-6369 are affected in Firebird 2.5.3Windows
Vulnerabilities CVE-2017-6369 are affected in Firebird 2.5.4Windows
Vulnerabilities CVE-2016-1569,CVE-2017-6369 are affected in Firebird 2.5.5Windows
Vulnerabilities CVE-2017-6369 are affected in Firebird 2.5.6Windows
Vulnerabilities CVE-2017-6369 are affected in Firebird 3.0Windows
Vulnerabilities CVE-2017-6369 are affected in Firebird 3.0.1Windows
Vulnerabilities CVE-2013-2492,CVE-2014-9323,CVE-2017-6369 are affected in Firebird 2.5.3Windows
A full-featured, open source SQL database derived from Borland InterBase 6.0 (USN-3929-1) libib-util_2.5.2.26540.ds4-9ubuntu1.1_i386.debLinux
A full-featured, open source SQL database derived from Borland InterBase 6.0 (USN-3929-1) libib-util_2.5.2.26540.ds4-9ubuntu1.1_amd64.debLinux
A full-featured, open source SQL database derived from Borland InterBase 6.0 (USN-3929-1) libfbclient2_2.5.2.26540.ds4-9ubuntu1.1_i386.debLinux
A full-featured, open source SQL database derived from Borland InterBase 6.0 (USN-3929-1) libfbclient2_2.5.2.26540.ds4-9ubuntu1.1_amd64.debLinux
A full-featured, open source SQL database derived from Borland InterBase 6.0 (USN-3929-1) libfbembed2.5_2.5.2.26540.ds4-9ubuntu1.1_i386.debLinux
A full-featured, open source SQL database derived from Borland InterBase 6.0 (USN-3929-1) libfbembed2.5_2.5.2.26540.ds4-9ubuntu1.1_amd64.debLinux
A full-featured, open source SQL database derived from Borland InterBase 6.0 (USN-3929-1) firebird2.5-super_2.5.2.26540.ds4-9ubuntu1.1_i386.debLinux
A full-featured, open source SQL database derived from Borland InterBase 6.0 (USN-3929-1) firebird2.5-super_2.5.2.26540.ds4-9ubuntu1.1_amd64.debLinux
A full-featured, open source SQL database derived from Borland InterBase 6.0 (USN-3929-1) firebird2.5-classic_2.5.2.26540.ds4-9ubuntu1.1_i386.debLinux
A full-featured, open source SQL database derived from Borland InterBase 6.0 (USN-3929-1) firebird2.5-classic_2.5.2.26540.ds4-9ubuntu1.1_amd64.debLinux
A full-featured, open source SQL database derived from Borland InterBase 6.0 (USN-3929-1) firebird2.5-superclassic_2.5.2.26540.ds4-9ubuntu1.1_i386.debLinux
A full-featured, open source SQL database derived from Borland InterBase 6.0 (USN-3929-1) firebird2.5-superclassic_2.5.2.26540.ds4-9ubuntu1.1_amd64.debLinux
A full-featured, open source SQL database derived from Borland InterBase 6.0 (USN-3929-1) firebird2.5-server-common_2.5.2.26540.ds4-9ubuntu1.1_i386.debLinux
A full-featured, open source SQL database derived from Borland InterBase 6.0 (USN-3929-1) firebird2.5-server-common_2.5.2.26540.ds4-9ubuntu1.1_amd64.debLinux
A full-featured, open source SQL database derived from Borland InterBase 6.0 (USN-3929-1) firebird2.5-classic-common_2.5.2.26540.ds4-9ubuntu1.1_i386.debLinux
A full-featured, open source SQL database derived from Borland InterBase 6.0 (USN-3929-1) firebird2.5-classic-common_2.5.2.26540.ds4-9ubuntu1.1_amd64.debLinux
SUSE-SU-2017:1156-1(SUSE Linux Enterprise Desktop 12-SP1 ) firebird-classic-debuginfo-2.5.2.26539-15.1.x86_64.rpmLinux
SUSE-SU-2017:1156-1(SUSE Linux Enterprise Desktop 12-SP1 ) firebird-classic-debugsource-2.5.2.26539-15.1.x86_64.rpmLinux
SUSE-SU-2017:1156-1(SUSE Linux Enterprise Desktop 12-SP1 ) libfbembed2_5-2.5.2.26539-15.1.x86_64.rpmLinux
SUSE-SU-2017:1156-1(SUSE Linux Enterprise Desktop 12-SP1 ) libfbembed2_5-debuginfo-2.5.2.26539-15.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234