cpe:/a:firebird:firebird:2.0.3.12981.0 cpe:/a:firebird:firebird:2.0.3.12981.0:r5 CVE-2008-1880 2008-05-12T12:20:00.000-04:00 2017-08-07T21:30:33.107-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2008-05-12T13:17:00.000-04:00 BID 29123 SECUNIA 30162 GENTOO GLSA-200805-06 XF firebird-sysdba-unath-access(42299) CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=216158 The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password.