MiracleLinux 3 : nss_db-2.2-35.4.AXS3 (AXSA:2010-227:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-227:01 advisory. Nssdb is a set of C library extensions which allow Berkeley Databases to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol,...

Oracle Linux 5 : nss_db (ELSA-2010-0347)

The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2010-0347 advisory. 2.2-35.4 - import Kees Cook's patch to fix accidental leakage of part of ./DBCONFIG 580542, CVE-2010-0826 Tenable has extracted the preceding description block...

Scientific Linux Security Update : nss_db on SL5.x i386/x86_64

It was discovered that nssdb did not specify a path to the directory to be used as the database environment for the Berkeley Database library, causing it to use the current working directory as the default. This could possibly allow a local attacker to obtain sensitive information. CVE-2010-0826...

CentOS Update for nss_db CESA-2010:0347 centos5 i386

Check for the Version of nssdb OpenVAS Vulnerability Test CentOS Update for nssdb CESA-2010:0347 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

VMSA-2010-0015:VMware ESX third party updates for Service Console

VMSA-2010-0015.1 VMware ESX third party updates for Service Console VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2010-0015.1 VMware Security Advisory Synopsis: VMware ESX third party updates for Service Console VMware Security Advisory Issue date: 2010-09-30 VMware Security...

VMSA-2010-0015 : VMware ESX third-party updates for Service Console

a. Service Console update for NSSdb The service console package NSSdb is updated to version nssdb-2.2-35.4.el55. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the name CVE-2010-0826 to this issue. b. Service Console update for OpenLDAP The service console package...

Fedora 12 : nss_db-2.2-47.fc12 (2010-6361)

Stephane Chazelas reported that the nssdb module attempts to read a DBCONFIG file in the current directory when it is used. If the contents of the file can't be parsed properly, the copy of libdb which nssdb uses will print an error message. If nssdb is invoked from a setuid process, it may then...

Fedora 13 : nss_db-2.2.3-0.3.pre1.fc13 (2010-6203)

Stephane Chazelas reported that the nssdb module attempts to read a DBCONFIG file in the current directory when it is used. If the contents of the file can't be parsed properly, the copy of libdb which nssdb uses will print an error message. If nssdb is invoked from a setuid process, it may then...

Fedora 11 : nss_db-2.2-46.fc11 (2010-6331)

Stephane Chazelas reported that the nssdb module attempts to read a DBCONFIG file in the current directory when it is used. If the contents of the file can't be parsed properly, the copy of libdb which nssdb uses will print an error message. If nssdb is invoked from a setuid process, it may then...

CentOS 5 : nss_db (CESA-2010:0347)

Updated nssdb packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Fedora Update for nss_db FEDORA-2010-6331

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for nss_db FEDORA-2010-6361

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

GNU libnss_db 2.2.3 库本地信息泄露漏洞

BUGTRAQ ID: 39132 CVE ID: CVE-2010-0826 nssdb软件包提供了一套C库扩展，允许将Berkeley DB数据库用作别名、组、主机、网络、协议、用户、RPC、服务和影子口令的主来源。 nssdb库在遇到解析错误时可能会显示DBCONFIG文件的某些内容，本地用户可以通过将DBCONFIG符号链接到受限制的文件上然后执行使用该库的suid root应用程序来读取敏感信息。 GNU libnssdb 2.2.3 厂商补丁： GNU --- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Mandriva Update for nss_db MDVSA-2010:077 (nss_db)

Check for the Version of nssdb OpenVAS Vulnerability Test Mandriva Update for nssdb MDVSA-2010:077 nssdb Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

nss_db security update

2.2-35.4 - import Kees Cook's patch to fix accidental leakage of part of ./DBCONFIG 580542, CVE-2010-0826...

CVE-2010-0826

The CVE-2010-0826 issue affects the Free Software Foundation’s Berkeley DB NSS module (libnss-db) in the nss_db package (2.2.3pre1). The vulnerability arises because DB_CONFIG can be read from the current working directory, enabling a local attacker with setgid/setuid usage of the module to exfil...