author | Sylvain Beucler <beuc@beuc.net> | 2021-11-18 17:05:19 +0100 |
---|---|---|
committer | Sylvain Beucler <beuc@beuc.net> | 2021-11-18 17:05:19 +0100 |
commit | 8ab7bd933e7631e761f794b86c721985f7f6783b (patch) | |
tree | 091799ee075e1f8714cd4c8540c443dacce64054 | |
parent | c4aba7348fa026c0ae0e5f9e97ecfcb8ca7a304d (diff) |
CVE-2017-11509/firebird3.0: add bug reference
-rw-r--r-- | data/CVE/list.2017 | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/data/CVE/list.2017 b/data/CVE/list.2017 index 7c552d95ec..6d2a72c19f 100644 --- a/data/CVE/list.2017 +++ b/data/CVE/list.2017 @@ -21223,10 +21223,11 @@ CVE-2017-11509 (An authenticated remote attacker can execute arbitrary code in F [stretch] - firebird3.0 <postponed> (Minor issue, can be fixed along in a future update) - firebird2.5 <removed> NOTE: https://www.tenable.com/security/research/tra-2017-36 + NOTE: https://github.com/FirebirdSQL/firebird/issues/5787 NOTE: Firebird upstream responded to Tenable the issue is not intended to be addressed NOTE: in "any current release". NOTE: Issue adressed by disabling UDFs in firebird.conf, this is not a source code fix, - NOTE: and might actually be considered more justof a mitigation. + NOTE: and might actually be considered more of just a mitigation. NOTE: Steps to reproduce (partly) in: https://lists.debian.org/874lk9wyz5.fsf@curie.anarc.at CVE-2017-11508 (SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection ...) NOT-FOR-US: SecurityCenter |
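Review bot: The unchanged context line "NOTE: Issue adressed by disabling UDFs in firebird.conf", directly above the reworded line, still misspells "addressed"; since this commit already corrects the wording of the NOTE line that follows it, fix that spelling in the same change. The commit subject mentions only the bug reference, so the wording fix to "more of just a mitigation" should either be named in the message or go in its own commit.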