Lucene search

K
ubuntuUbuntuUSN-922-1
HistoryMar 31, 2010 - 12:00 a.m.

libnss-db vulnerability

2010-03-3100:00:00
ubuntu.com
31

6.1 Medium

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

Releases

  • Ubuntu 9.10
  • Ubuntu 9.04
  • Ubuntu 8.10
  • Ubuntu 8.04

Packages

  • libnss-db -

Details

Stephane Chazelas discovered that libnss-db did not correctly set up a
database environment. A local attacker could exploit this to read the
first line of arbitrary files, leading to a loss of privacy and possibly
privilege escalation.

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchlibnss-db<Β 2.2.3pre1-3ubuntu3.9.10.2UNKNOWN
Ubuntu9.04noarchlibnss-db<Β 2.2.3pre1-3ubuntu3.9.04.2UNKNOWN
Ubuntu8.10noarchlibnss-db<Β 2.2.3pre1-3ubuntu1.8.10.2UNKNOWN
Ubuntu8.04noarchlibnss-db<Β 2.2.3pre1-3ubuntu1.8.04.2UNKNOWN

6.1 Medium

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%