LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LWN.net Weekly Edition for September 4, 2008

The Kernel Hacker's Bookshelf: UNIX Internals

DRI, BSD, and Linux

SCHED_FIFO and realtime throttling

LWN.net Weekly Edition for August 28, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

firebird: information disclosure

Package(s):firebird CVE #(s):CVE-2008-1880
Created:May 9, 2008 Updated:May 14, 2008
Description: From the Gentoo advisory: Viesturs reported that the default configuration for Gentoo's init script ("/etc/conf.d/firebird") sets the "ISC_PASSWORD" environment variable when starting Firebird. It will be used when no password is supplied by a client connecting as the "SYSDBA" user.
Alerts:
Gentoo 200805-06 2008-05-09
(Log in to post comments)

firebird: information disclosure

Posted May 23, 2008 8:11 UTC (Fri) by mariuz (guest, #24892) [Link] 

bug affects debian and ubuntu too 

but now is fixed in debian 
for firebird 2.0 package 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481389
and firebird 2.1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481408

and ubuntu firebird 2.0/2.1 package

https://bugs.launchpad.net/ubuntu/+source/firebird2.0/+bu...

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds