Vulnerability Details CVE-2008-1880
The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 79.4%
CVSS Severity
CVSS v2 Score 5.0
References
- http://bugs.gentoo.org/show_bug.cgi?id=216158
- http://secunia.com/advisories/30162
- http://security.gentoo.org/glsa/glsa-200805-06.xml
- http://www.securityfocus.com/bid/29123
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42299
- http://bugs.gentoo.org/show_bug.cgi?id=216158
- http://secunia.com/advisories/30162
- http://security.gentoo.org/glsa/glsa-200805-06.xml
- http://www.securityfocus.com/bid/29123
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42299
Products affected by CVE-2008-1880
-
cpe:2.3:a:firebird:firebird:*
-
cpe:2.3:a:firebird:firebird:2.0.3.12981.0
-
cpe:2.3:o:gentoo:linux:-
-
cpe:2.3:o:gentoo:linux:1.2
-
cpe:2.3:o:gentoo:linux:1.4
-
cpe:2.3:o:gentoo:linux:2.1.30
-
cpe:2.3:o:gentoo:linux:2.2.28
-
cpe:2.3:o:gentoo:linux:2.3.30