CVE-2010-0826

low

Description

The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038760.html

http://secunia.com/advisories/39165

http://www.mandriva.com/security/advisories?name=MDVSA-2010:077

http://www.securityfocus.com/bid/39132

http://www.ubuntu.com/usn/USN-922-1

http://www.vupen.com/english/advisories/2010/0776

http://www.vupen.com/english/advisories/2010/0841

http://www.vupen.com/english/advisories/2010/0903

https://bugs.launchpad.net/ubuntu/+source/libnss-db/+bug/531976

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10727

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6681

Details

Source: MITRE

Published: 2010-04-05

Updated: 2017-09-19

Type: CWE-200

Risk Information

CVSS v2

Base Score: 1.9

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.4

Severity: LOW

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89742 | VMware ESX Multiple Vulnerabilities (VMSA-2010-0015) (remote check) | Nessus | VMware ESX Local Security Checks | critical |
| 68030 | Oracle Linux 5 : nss_db (ELSA-2010-0347) | Nessus | Oracle Linux Local Security Checks | low |
| 60780 | Scientific Linux Security Update : nss_db on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | low |
| 49703 | VMSA-2010-0015 : VMware ESX third-party updates for Service Console | Nessus | VMware ESX Local Security Checks | critical |
| 48179 | Mandriva Linux Security Advisory : nss_db (MDVSA-2010:077) | Nessus | Mandriva Local Security Checks | low |
| 47434 | Fedora 12 : nss_db-2.2-47.fc12 (2010-6361) | Nessus | Fedora Local Security Checks | low |
| 47431 | Fedora 11 : nss_db-2.2-46.fc11 (2010-6331) | Nessus | Fedora Local Security Checks | low |
| 47423 | Fedora 13 : nss_db-2.2.3-0.3.pre1.fc13 (2010-6203) | Nessus | Fedora Local Security Checks | low |
| 46755 | CentOS 5 : nss_db (CESA-2010:0347) | Nessus | CentOS Local Security Checks | low |
| 46297 | RHEL 5 : nss_db (RHSA-2010:0347) | Nessus | Red Hat Local Security Checks | low |
| 45398 | Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : libnss-db vulnerability (USN-922-1) | Nessus | Ubuntu Local Security Checks | low |