[oss-sec] 20170611 Berkeley DB reads DB_CONFIG from cwd

http://www.postfix.org/announcements/postfix-3.2.2.html

RHSA-2019:0366

According to the version of the libdb packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x     before 3.1.6, and 3.2.x before 3.2.2 might allow local     users to gain privileges by leveraging undocumented     functionality in Berkeley DB 2.x and later, related to     reading settings from DB_CONFIG in the current     directory.(CVE-2017-10140)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is running a version of macOS that is prior to 10.13. It is, therefore, affected by multiple vulnerabilities in the following components :

 - Apache
 - AppSandbox
 - AppleScript
 - Application Firewall
 - ATS
 - Audio
 - CFNetwork
 - CFNetwork Proxies
 - CFString
 - Captive Network Assistant
 - CoreAudio
 - CoreText
 - DesktopServices
 - Directory Utility
 - file
 - Fonts
 - fsck_msdos
 - HFS
 - Heimdal
 - HelpViewer
 - IOFireWireFamily
 - ImageIO
 - Installer
 - Kernel
 - kext tools
 - libarchive
 - libc
 - libexpat
 - Mail
 - Mail Drafts
 - ntp
 - Open Scripting Architecture
 - PCRE
 - Postfix
 - Quick Look
 - QuickTime
 - Remote Management
 - SQLite
 - Sandbox
 - Screen Lock
 - Security
 - Spotlight
 - WebKit
 - zlib

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

According to the version of the postfix packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x     before 3.1.6, and 3.2.x before 3.2.2 might allow local     users to gain privileges by leveraging undocumented     functionality in Berkeley DB 2.x and later, related to     reading settings from DB_CONFIG in the current     directory.(CVE-2017-10140)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that Berkeley DB incorrectly handled certain configuration files. An attacker could possibly use this issue to read sensitive information.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components :

  - 802.1X
  - apache
  - AppleScript
  - ATS
  - Audio
  - CFString
  - CoreText
  - curl
  - Dictionary Widget
  - file
  - Fonts
  - fsck_msdos
  - HFS
  - Heimdal
  - HelpViewer
  - ImageIO
  - Kernel
  - libarchive
  - Open Scripting Architecture
  - PCRE
  - Postfix
  - Quick Look
  - QuickTime
  - Remote Management
  - Sandbox
  - StreamingZip
  - tcpdump
  - Wi-Fi

It was found that the Berkeley DB reads DB_CONFIG from the current working directory, leading to information leak by tricking privileged processes into reading arbitrary files.

For Debian 7 'Wheezy', these problems have been fixed in version 4.7.25-21+deb7u1.

We recommend that you upgrade your db4.7 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was found that the Berkeley DB reads DB_CONFIG from the current working directory, leading to information leak by tricking privileged processes into reading arbitrary files.

For Debian 7 'Wheezy', these problems have been fixed in version 4.8.30-12+deb7u1.

We recommend that you upgrade your db4.8 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was found that the Berkeley DB reads DB_CONFIG from the current working directory, leading to information leak by tricking privileged processes into reading arbitrary files.

For Debian 7 'Wheezy', these problems have been fixed in version 5.1.29-5+deb7u1.

We recommend that you upgrade your db packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is running a version of Mac OS X that is prior to 10.10.5, 10.11.x prior to 10.11.6, 10.12.x prior to 10.12.6, or is not macOS 10.13. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache
  - AppSandbox
  - AppleScript
  - Application Firewall
  - ATS
  - Audio
  - CFNetwork
  - CFNetwork Proxies
  - CFString
  - Captive Network Assistant
  - CoreAudio
  - CoreText
  - DesktopServices
  - Directory Utility
  - file
  - Fonts
  - fsck_msdos
  - HFS
  - Heimdal
  - HelpViewer
  - IOFireWireFamily
  - ImageIO
  - Installer
  - Kernel
  - kext tools
  - libarchive
  - libc
  - libexpat
  - Mail
  - Mail Drafts
  - ntp
  - Open Scripting Architecture
  - PCRE
  - Postfix
  - Quick Look
  - QuickTime
  - Remote Management
  - SQLite
  - Sandbox
  - Screen Lock
  - Security
  - Spotlight
  - WebKit
  - zlib

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

ID	Name	Product	Family	Severity
129131	EulerOS 2.0 SP5 : libdb (EulerOS-SA-2019-1974)	Nessus	Huawei Local Security Checks	medium
700511	macOS < 10.13 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
110869	EulerOS 2.0 SP3 : postfix (EulerOS-SA-2018-1205)	Nessus	Huawei Local Security Checks	medium
110868	EulerOS 2.0 SP2 : postfix (EulerOS-SA-2018-1204)	Nessus	Huawei Local Security Checks	medium
104739	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : db5.3 vulnerability (USN-3489-1)	Nessus	Ubuntu Local Security Checks	medium
104379	macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)	Nessus	MacOS X Local Security Checks	critical
103949	Debian DLA-1137-1 : db4.7 security update	Nessus	Debian Local Security Checks	medium
103948	Debian DLA-1136-1 : db4.8 security update	Nessus	Debian Local Security Checks	medium
103947	Debian DLA-1135-1 : db security update	Nessus	Debian Local Security Checks	medium
103598	macOS < 10.13 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical

CVE-2017-10140

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins