CVE-2008-1880

EUVD-2008-1880
The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
firebirdfirebird
𝑥
≤ 2.0.3.12981.0
firebirdfirebird
2.0.3.12981.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firebird2
dapper
ignored
feisty
ignored
gutsy
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
firebird2.0
dapper
dne
feisty
dne
gutsy
ignored
hardy
ignored
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
Common Weakness Enumeration
References
http://bugs.gentoo.org/show_bug.cgi?id=216158
http://secunia.com/advisories/30162
http://security.gentoo.org/glsa/glsa-200805-06.xml
http://www.securityfocus.com/bid/29123
https://exchange.xforce.ibmcloud.com/vulnerabilities/42299
http://bugs.gentoo.org/show_bug.cgi?id=216158
http://secunia.com/advisories/30162
http://security.gentoo.org/glsa/glsa-200805-06.xml
http://www.securityfocus.com/bid/29123
https://exchange.xforce.ibmcloud.com/vulnerabilities/42299