Subject | PCI/PA-DSS Compliance |
---|---|
Author | Lee Jenkins |
Post date | 2009-03-18T14:50:35Z |
One of our customers recently underwent a security audit by a registered PA-DSS
Auditor:
https://www.pcisecuritystandards.org/security_standards/pa_dss.shtml
Bad News: Our POS application failed because we're using FB 1.5 which has some
exploit vulnerabilities.
Good News: Upgrading our customers to FB 2.1 + resolves the only issue found
with our software. Not surprising since we've been ramping up for PA-DSS
certification for the last six months, but the auditing company was familiar
with FirebirdSQL.
"Firebird Database Server Stack Overflow
The remote host has been identified as running a version of the
Firebirt SQL database server that is vulnerable to stack overflow of the
protocol handling routine."
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3181
Just good googling or is Firebird becoming prominent enough where its
development is included by default in the KBs of companies like this?
--
Warm Regards,
Lee