author Sylvain Beucler <beuc@beuc.net> 2021-11-18 17:05:19 +0100
committer Sylvain Beucler <beuc@beuc.net> 2021-11-18 17:05:19 +0100
commit 8ab7bd933e7631e761f794b86c721985f7f6783b (patch)
tree 091799ee075e1f8714cd4c8540c443dacce64054
parent c4aba7348fa026c0ae0e5f9e97ecfcb8ca7a304d (diff)
CVE-2017-11509/firebird3.0: add bug reference
-rw-r--r-- data/CVE/list.2017 3
1 files changed, 2 insertions, 1 deletions
diff --git a/data/CVE/list.2017 b/data/CVE/list.2017
index 7c552d95ec..6d2a72c19f 100644
--- a/data/CVE/list.2017
+++ b/data/CVE/list.2017
@@ -21223,10 +21223,11 @@ CVE-2017-11509 (An authenticated remote attacker can execute arbitrary code in F
[stretch] - firebird3.0 <postponed> (Minor issue, can be fixed along in a future update)
- firebird2.5 <removed>
NOTE: https://www.tenable.com/security/research/tra-2017-36
+ NOTE: https://github.com/FirebirdSQL/firebird/issues/5787
NOTE: Firebird upstream responded to Tenable the issue is not intended to be addressed
NOTE: in "any current release".
NOTE: Issue adressed by disabling UDFs in firebird.conf, this is not a source code fix,
- NOTE: and might actually be considered more justof a mitigation.
+ NOTE: and might actually be considered more of just a mitigation.
NOTE: Steps to reproduce (partly) in: https://lists.debian.org/874lk9wyz5.fsf@curie.anarc.at
CVE-2017-11508 (SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection ...)
NOT-FOR-US: SecurityCenter
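
Review bot: The unchanged context line directly above the reworded NOTE still reads "Issue adressed by disabling UDFs in firebird.conf"; since this change already corrects the wording of that same sentence, fix "adressed" to "addressed" here as well. The commit subject mentions only the bug reference, so the wording fix on the "more of just a mitigation" line should either be mentioned in the message or go in its own commit.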
