Mandriva Linux Security Advisory : nss_db (MDVSA-2010:077)
Low Nessus Plugin ID 48179
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionA vulnerability has been found and corrected in nss_db :
The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module (CVE-2010-0826).
The updated packages have been patched to correct this issue.
SolutionUpdate the affected nss_db package.