Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19474
HistoryApr 19, 2010 - 12:00 a.m.

GNU libnss_db 2.2.3 库本地信息泄露漏洞

2010-04-1900:00:00
Root
www.seebug.org
13

0.0004 Low

EPSS

Percentile

5.7%

JSON

BUGTRAQ ID: 39132
CVE ID: CVE-2010-0826

nss_db软件包提供了一套C库扩展,允许将Berkeley DB数据库用作别名、组、主机、网络、协议、用户、RPC、服务和影子口令的主来源。

nss_db库在遇到解析错误时可能会显示DB_CONFIG文件的某些内容,本地用户可以通过将DB_CONFIG符号链接到受限制的文件上然后执行使用该库的suid root应用程序来读取敏感信息。

GNU libnss_db 2.2.3
厂商补丁:

GNU

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

https://bugs.launchpad.net/ubuntu/+source/libnss-db/+bug/531976

RedHat

RedHat已经为此发布了一个安全公告(RHSA-2010:0347-01)以及相应补丁:
RHSA-2010:0347-01:Moderate: nss_db security update
链接:https://www.redhat.com/support/errata/RHSA-2010-0347.html

Ubuntu

Ubuntu已经为此发布了一个安全公告(USN-922-1)以及相应补丁:
USN-922-1:libnss-db vulnerability
链接:https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-March/001069.html


                                                sudo apt-get install libnss-db
sudo /etc/init.d/nscd stop (in case nscd is installed)
sudo ln -s /etc/shadow DB_CONFIG
$ sudo
line 1: root:*:14553:0:99999:7:::: incorrect name-value pair
[...]

Related

openvas 13
cve 1
fedora 3
nessus 11
ubuntucve 1
oraclelinux 1
securityvulns 2
debiancve 1
redhat 1
ubuntu 1
centos 1
prion 1
vmware 2
openvas
openvas
CentOS Update for nss_db CESA-2010:0347 centos5 i386
2011-08-09 00:00:00
Oracle: Security Advisory (ELSA-2010-0347)
2015-10-06 00:00:00
RedHat Update for nss_db RHSA-2010:0347-01
2010-04-16 00:00:00
cve
cve
CVE-2010-0826
2010-04-05 15:30:00
fedora
fedora
[SECURITY] Fedora 12 Update: nss_db-2.2-47.fc12
2010-05-06 03:41:31
[SECURITY] Fedora 11 Update: nss_db-2.2-46.fc11
2010-05-06 03:45:33
[SECURITY] Fedora 13 Update: nss_db-2.2.3-0.3.pre1.fc13
2010-04-09 04:02:38
nessus
nessus
Fedora 13 : nss_db-2.2.3-0.3.pre1.fc13 (2010-6203)
2010-07-01 00:00:00
Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : libnss-db vulnerability (USN-922-1)
2010-04-01 00:00:00
Oracle Linux 5 : nss_db (ELSA-2010-0347)
2013-07-12 00:00:00
ubuntucve
ubuntucve
CVE-2010-0826
2010-03-31 00:00:00
oraclelinux
oraclelinux
nss_db security update
2010-04-13 00:00:00
securityvulns
securityvulns
[USN-922-1] libnss-db vulnerability
2010-04-05 00:00:00
libnss-db unauthorized files access
2010-04-05 00:00:00
debiancve
debiancve
CVE-2010-0826
2010-04-05 15:30:00
redhat
redhat
(RHSA-2010:0347) Moderate: nss_db security update
2010-04-13 00:00:00
ubuntu
ubuntu
libnss-db vulnerability
2010-03-31 00:00:00
centos
centos
nss_db security update
2010-05-28 10:47:08
prion
prion
Design/Logic Flaw
2010-04-05 15:30:00
vmware
vmware
VMware ESX third party updates for Service Console
2010-09-30 00:00:00
VMware ESX third party updates for Service Console
2010-09-30 00:00:00

0.0004 Low

EPSS

Percentile

5.7%

JSON
Related for SSV:19474
openvas13cve1fedora3nessus11ubuntucve1oraclelinux1securityvulns2debiancve1redhat1ubuntu1centos1prion1vmware2