Various UDF-related security vulnerabilities
--------------------------------------------
Key: CORE-5657
URL: http://tracker.firebirdsql.org/browse/CORE-5657
Project: Firebird Core
Issue Type: Bug
Components: UDF
Affects Versions: 4.0 Alpha 1, 3.0.2, 2.5.7, 3.0.1
Reporter: Alexander Peshkov
Initial design of UDF always used to be security problem. The most dangerous
security holes when UDFs and external tables are used simultaneousky were fixed
in FB 1.5. But even after it incorrectly declared (using SQL statement DECLARE
EXTERNAL FUNCTION) UDF can easily cause various security issues like server
crash or execution of arbitrary code.
See details in sub-taks.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://tracker.firebirdsql.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
