[oss-sec] 20170611 Berkeley DB reads DB_CONFIG from cwd

http://www.postfix.org/announcements/postfix-3.2.2.html

RHSA-2019:0366

https://www.oracle.com/security-alerts/cpujul2020.html

According to the version of the libdb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :

  - ** RESERVED ** This candidate has been reserved by an     organization or individual that will use it when     announcing a new security problem. When the candidate     has been publicized, the details for this candidate     will be provided.(CVE-2017-10140)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the libdb packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :

  - Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x     before 3.1.6, and 3.2.x before 3.2.2 might allow local     users to gain privileges by leveraging undocumented     functionality in Berkeley DB 2.x and later, related to     reading settings from DB_CONFIG in the current     directory.(CVE-2017-10140)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the libdb packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x     before 3.1.6, and 3.2.x before 3.2.2 might allow local     users to gain privileges by leveraging undocumented     functionality in Berkeley DB 2.x and later, related to     reading settings from DB_CONFIG in the current     directory.(CVE-2017-10140)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is running a version of macOS that is prior to 10.13. It is, therefore, affected by multiple vulnerabilities in the following components :

 - Apache
 - AppSandbox
 - AppleScript
 - Application Firewall
 - ATS
 - Audio
 - CFNetwork
 - CFNetwork Proxies
 - CFString
 - Captive Network Assistant
 - CoreAudio
 - CoreText
 - DesktopServices
 - Directory Utility
 - file
 - Fonts
 - fsck_msdos
 - HFS
 - Heimdal
 - HelpViewer
 - IOFireWireFamily
 - ImageIO
 - Installer
 - Kernel
 - kext tools
 - libarchive
 - libc
 - libexpat
 - Mail
 - Mail Drafts
 - ntp
 - Open Scripting Architecture
 - PCRE
 - Postfix
 - Quick Look
 - QuickTime
 - Remote Management
 - SQLite
 - Sandbox
 - Screen Lock
 - Security
 - Spotlight
 - WebKit
 - zlib

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

According to the version of the postfix packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x     before 3.1.6, and 3.2.x before 3.2.2 might allow local     users to gain privileges by leveraging undocumented     functionality in Berkeley DB 2.x and later, related to     reading settings from DB_CONFIG in the current     directory.(CVE-2017-10140)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that Berkeley DB incorrectly handled certain configuration files. An attacker could possibly use this issue to read sensitive information.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components :

  - 802.1X
  - apache
  - AppleScript
  - ATS
  - Audio
  - CFString
  - CoreText
  - curl
  - Dictionary Widget
  - file
  - Fonts
  - fsck_msdos
  - HFS
  - Heimdal
  - HelpViewer
  - ImageIO
  - Kernel
  - libarchive
  - Open Scripting Architecture
  - PCRE
  - Postfix
  - Quick Look
  - QuickTime
  - Remote Management
  - Sandbox
  - StreamingZip
  - tcpdump
  - Wi-Fi

It was found that the Berkeley DB reads DB_CONFIG from the current working directory, leading to information leak by tricking privileged processes into reading arbitrary files.

For Debian 7 'Wheezy', these problems have been fixed in version 4.7.25-21+deb7u1.

We recommend that you upgrade your db4.7 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was found that the Berkeley DB reads DB_CONFIG from the current working directory, leading to information leak by tricking privileged processes into reading arbitrary files.

For Debian 7 'Wheezy', these problems have been fixed in version 4.8.30-12+deb7u1.

We recommend that you upgrade your db4.8 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was found that the Berkeley DB reads DB_CONFIG from the current working directory, leading to information leak by tricking privileged processes into reading arbitrary files.

For Debian 7 'Wheezy', these problems have been fixed in version 5.1.29-5+deb7u1.

We recommend that you upgrade your db packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is running a version of Mac OS X that is prior to 10.10.5, 10.11.x prior to 10.11.6, 10.12.x prior to 10.12.6, or is not macOS 10.13. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache
  - AppSandbox
  - AppleScript
  - Application Firewall
  - ATS
  - Audio
  - CFNetwork
  - CFNetwork Proxies
  - CFString
  - Captive Network Assistant
  - CoreAudio
  - CoreText
  - DesktopServices
  - Directory Utility
  - file
  - Fonts
  - fsck_msdos
  - HFS
  - Heimdal
  - HelpViewer
  - IOFireWireFamily
  - ImageIO
  - Installer
  - Kernel
  - kext tools
  - libarchive
  - libc
  - libexpat
  - Mail
  - Mail Drafts
  - ntp
  - Open Scripting Architecture
  - PCRE
  - Postfix
  - Quick Look
  - QuickTime
  - Remote Management
  - SQLite
  - Sandbox
  - Screen Lock
  - Security
  - Spotlight
  - WebKit
  - zlib

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

ID	Name	Product	Family	Severity
137961	EulerOS Virtualization 3.0.6.0 : libdb (EulerOS-SA-2020-1742)	Nessus	Huawei Local Security Checks	high
136238	EulerOS Virtualization for ARM 64 3.0.2.0 : libdb (EulerOS-SA-2020-1535)	Nessus	Huawei Local Security Checks	high
129131	EulerOS 2.0 SP5 : libdb (EulerOS-SA-2019-1974)	Nessus	Huawei Local Security Checks	high
700511	macOS < 10.13 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
110869	EulerOS 2.0 SP3 : postfix (EulerOS-SA-2018-1205)	Nessus	Huawei Local Security Checks	high
110868	EulerOS 2.0 SP2 : postfix (EulerOS-SA-2018-1204)	Nessus	Huawei Local Security Checks	high
104739	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : db5.3 vulnerability (USN-3489-1)	Nessus	Ubuntu Local Security Checks	high
104379	macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)	Nessus	MacOS X Local Security Checks	critical
103949	Debian DLA-1137-1 : db4.7 security update	Nessus	Debian Local Security Checks	high
103948	Debian DLA-1136-1 : db4.8 security update	Nessus	Debian Local Security Checks	high
103947	Debian DLA-1135-1 : db security update	Nessus	Debian Local Security Checks	high
103598	macOS < 10.13 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical

CVE-2017-10140

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

critical

high

high

high

critical

high

high

high

critical