| Subject | Re: Vulnerability and Fix?? |
|---|---|
| Author | PRoyston |
| Post date | 2008-03-27T14:58:22Z |
--- In firebird-support@yahoogroups.com, Helen Borrie <helebor@...>
wrote:
vulnerability where someone was able to run cmd.exe from our system
based on this vulnerability (below).
response. This exploit was used to compromise one of our production
servers. We are using Firebird 1.5.5. Do we need to upgrade to
2.0.3 to resolve this issue? I don't see a reference to CORE-1405 in
the 1.5 release notes. We had resisted upgrading our production
server since 1.5 was serving us well.
wrote:
>system out on the Internet. We received an email about a
> >Generally we install on systems behind a firewall, but have one
vulnerability where someone was able to run cmd.exe from our system
based on this vulnerability (below).
> >(search for CORE-1405)
> >Can someone explain the issue
>
> http://tracker.firebirdsql.org/browse/CORE-1405
>
> Fixed at Fb 2.0.2. Check the bugfix list from the Doc Index
> Get Fb 2.0.3 or wait a couple of weeks for Fb 2.0.4I asked about firebird launching cmd.exe last week, but got no
>
> ./heLen
>
response. This exploit was used to compromise one of our production
servers. We are using Firebird 1.5.5. Do we need to upgrade to
2.0.3 to resolve this issue? I don't see a reference to CORE-1405 in
the 1.5 release notes. We had resisted upgrading our production
server since 1.5 was serving us well.