Vulnerability Details : CVE-2010-0826
The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module.
Vulnerability category: Information leak
Products affected by CVE-2010-0826
- cpe:2.3:a:piotr_roszatycki:libnss-db:2.2.3:pre1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0826
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 6 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2010-0826
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.9 | LOW | AV:L/AC:M/Au:N/C:P/I:N/A:N | 3.4 | 2.9 | NIST | |
CWE ids for CVE-2010-0826
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0826
- http://www.vupen.com/english/advisories/2010/0776
  Vendor Advisory
- http://www.ubuntu.com/usn/USN-922-1
  USN-922-1: libnss-db vulnerability | Ubuntu security notices
- http://www.vupen.com/english/advisories/2010/0841
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10727
  Repository / Oval Repository
- http://www.vupen.com/english/advisories/2010/0903
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:077
  mandriva.com
- http://www.securityfocus.com/bid/39132
  GNU libnss_db Local Information Disclosure Vulnerability
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
  Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView
- https://bugs.launchpad.net/ubuntu/+source/libnss-db/+bug/531976
  Bug #531976 “libnss_db reads a DB_CONFIG file in the current dir...” : Bugs : libnss-db package : Ubuntu
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6681
  Repository / Oval Repository
- http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038760.html
  [SECURITY] Fedora 13 Update: nss_db-2.2.3-0.3.pre1.fc13