CVE-2010-0826

Publication date 31 March 2010

Last updated 24 July 2024


Ubuntu priority

The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module.

Status

Package Ubuntu Release Status
libnss-db 9.10 karmic
Fixed 2.2.3pre1-3ubuntu3.9.10.2
9.04 jaunty
Fixed 2.2.3pre1-3ubuntu3.9.04.2
8.10 intrepid
Fixed 2.2.3pre1-3ubuntu1.8.10.2
8.04 LTS hardy
Fixed 2.2.3pre1-3ubuntu1.8.04.2
6.06 LTS dapper Ignored end of life

References

Related Ubuntu Security Notices (USN)

    • USN-922-1
    • libnss-db vulnerability
    • 31 March 2010

Other references