Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE FUNCTION privileges can use a crafted ENGINE name to load an arbitrary shared library from anywhere on the filesystem via path traversal. The library's initialization code executes immediately during loading, before Firebird validates the module, achieving code execution as the server's OS account. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14.
The external engine plugin loader mechanism directly concatenates the user-supplied engine name with the system path, without filtering path separators or path traversal sequences such as '..'. An attacker with CREATE FUNCTION privileges can define a function with a crafted ENGINE name containing path traversal sequences, causing an arbitrary shared library to be loaded from any location in the file system. The initialization code of the loaded library is executed immediately upon loading, before Firebird performs any module validation, resulting in immediate code execution as the server system account.
An attacker can gain full control over the database server by executing arbitrary code in the context of the Firebird process system account, leading to breach of confidentiality, integrity and availability of data as well as potentially the entire host operating system.
Firebird should be updated to version 5.0.4, 4.0.7 or 3.0.14 depending on the product branch in use. Patches are available in the manufacturer's GitHub repositories. Additionally, it is recommended to restrict the granting of CREATE FUNCTION permission exclusively to trusted and necessary users.
Firebird in versions prior to 5.0.4, 4.0.7 and 3.0.14
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HFirebirdsql Firebird
APPFirebirdsql< 3.0.144.0.0 – 4.0.7 (bez)5.0.0 – 5.0.4 (bez)
Related vulnerabilities
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14...
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14...
Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and...
Firebird is an open-source relational database management system. In versions FB3 of the client library placed...
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14...