MiracleLinux 3 : nss_db-2.2-35.4.AXS3 (AXSA:2010-227:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-227:01 advisory. Nssdb is a set of C library extensions which allow Berkeley Databases to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol,...

DEBIAN-CVE-2025-29088

In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3dbconfig in the C-language API can cause a denial of service application crash. An sznBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect...

RHEL 5 : libdb (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libdb: Reads DBCONFIG from the current working directory CVE-2017-10140 - Vulnerability in the Data Store...

SUSE SLES12 Security Update : openldap2 (SUSE-SU-2020:1859-1)

This update for openldap2 fixes the following issues : CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAPCONFIGBACKEND='ldap' was used bsc1172698. Changed DBCONFIG to root:ldap permissions bsc1172704. Fixed an issue where slapd becomes unresponsive after...

SUSE-SU-2020:1859-1 Security update for openldap2

This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAPCONFIGBACKEND='ldap' was used bsc1172698. - Changed DBCONFIG to root:ldap permissions bsc1172704. - Fixed an issue where slapd becomes unresponsive...

libdb: Reads DB_CONFIG from the current working directory

Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DBCONFIG in the current directory...

Updated db48 and db53 packages fix security vulnerability

It was found that Berkeley DB reads the DBCONFIG configuration file from the current working directory by default. This happens when calling dbcreate with dbenv=NULL; or using the dbmopen function CVE-2017-10140...

CVE-2017-10140

Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DBCONFIG in the current directory...

Fedora 26 : libdb (2017-2b68e14594)

Security fix for DBCONFIG parsing when dbhome is not set. This update also introduces modified fixes for rhbz1394862 once again and additionally fixes ppc specific hangs described in rhbz1460003. Please be aware that this update is expected to cause DBVERSIONMISMATCH errors during installation if...

Fedora 25 : libdb (2017-372bb1edb3)

Security fix for DBCONFIG parsing when dbhome is not set. This update also introduces modified fixes for rhbz1394862 once again and additionally fixes ppc specific hangs described in rhbz1460003. Please be aware that this update is expected to cause DBVERSIONMISMATCH errors during installation if...

Fedora 24 : libdb (2017-014d67fa9d)

Security fix for DBCONFIG parsing when dbhome is not set. This update also introduces modified fixes for rhbz1394862 once again and additionally fixes ppc specific hangs described in rhbz1460003. Please be aware that this update is expected to cause DBVERSIONMISMATCH errors during installation if...

Fedora 12 : nss_db-2.2-47.fc12 (2010-6361)

Stephane Chazelas reported that the nssdb module attempts to read a DBCONFIG file in the current directory when it is used. If the contents of the file can't be parsed properly, the copy of libdb which nssdb uses will print an error message. If nssdb is invoked from a setuid process, it may then...

Fedora 13 : nss_db-2.2.3-0.3.pre1.fc13 (2010-6203)

Stephane Chazelas reported that the nssdb module attempts to read a DBCONFIG file in the current directory when it is used. If the contents of the file can't be parsed properly, the copy of libdb which nssdb uses will print an error message. If nssdb is invoked from a setuid process, it may then...

Fedora 11 : nss_db-2.2-46.fc11 (2010-6331)

Stephane Chazelas reported that the nssdb module attempts to read a DBCONFIG file in the current directory when it is used. If the contents of the file can't be parsed properly, the copy of libdb which nssdb uses will print an error message. If nssdb is invoked from a setuid process, it may then...

DEBIAN-CVE-2010-0826

The Free Software Foundation FSF Berkeley DB NSS module aka libnss-db 2.2.3pre1 reads the DBCONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module...

Design/Logic Flaw

The Free Software Foundation FSF Berkeley DB NSS module aka libnss-db 2.2.3pre1 reads the DBCONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module...

CVE-2010-0826

The Free Software Foundation FSF Berkeley DB NSS module aka libnss-db 2.2.3pre1 reads the DBCONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module...