So the only solution is disabling external UDF libraries from being loaded
by changing configuration from UdfAccess=Restrict to UdfAccess=None

On Thu, Apr 12, 2018 at 2:34 PM, Alex Peshkoff via Firebird-devel <
firebird-devel@lists.sourceforge.net> wrote:

> On 04/12/18 10:37, marius adrian popa wrote:
>
>> https://www.tenable.com/security/research/tra-2017-36
>>
>
> That's fixed in FB4 - loading UDFs is denied by default configuration, use
> of them is deprecated, replacement is UDRs which are nt affected by
> mentioned vulnerability.
> In FB3 one should be sysdba or granted special right to declare extrernal
> functions. This does not solve the problem - just makes it a bit less
> dangerous.
> We can't do something better with this, therefore no fixes for current
> releases.
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> Firebird-Devel mailing list, web interface at
> https://lists.sourceforge.net/lists/listinfo/firebird-devel
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel

Reply via email to