CentOS Update for nss_db CESA-2010:0347 centos5 i386

2011-08-0900:00:00

plugins.openvas.org

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2010-May/016705.html");
  script_oid("1.3.6.1.4.1.25623.1.0.880644");
  script_version("2023-07-12T05:05:04+0000");
  script_tag(name:"last_modification", value:"2023-07-12 05:05:04 +0000 (Wed, 12 Jul 2023)");
  script_tag(name:"creation_date", value:"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)");
  script_tag(name:"cvss_base", value:"1.9");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:P/I:N/A:N");
  script_xref(name:"CESA", value:"2010:0347");
  script_cve_id("CVE-2010-0826");
  script_name("CentOS Update for nss_db CESA-2010:0347 centos5 i386");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'nss_db'
  package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 Greenbone AG");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS5");
  script_tag(name:"affected", value:"nss_db on CentOS 5");
  script_tag(name:"insight", value:"The nss_db packages provide a set of C library extensions which allow
  Berkeley Database (Berkeley DB) databases to be used as a primary source of
  aliases, ethers, groups, hosts, networks, protocols, users, RPCs, services,
  and shadow passwords. These databases are used instead of or in addition to
  the flat files used by these tools by default.

  It was discovered that nss_db did not specify a path to the directory to be
  used as the database environment for the Berkeley Database library, causing
  it to use the current working directory as the default. This could possibly
  allow a local attacker to obtain sensitive information. (CVE-2010-0826)

  Users of nss_db are advised to upgrade to these updated packages, which
  contain a backported patch to correct this issue.");
  script_tag(name:"solution", value:"Please install the updated packages.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "CentOS5")
{

  if ((res = isrpmvuln(pkg:"nss_db", rpm:"nss_db~2.2~35.4.el5_5", rls:"CentOS5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}