漏洞信息详情
Berkeley DB NSS模块本地信息泄露漏洞
- CNNVD编号:CNNVD-201004-074
- 危害等级: 低危
- CVE编号: CVE-2010-0826
- 漏洞类型: 信息泄露
- 发布时间: 2010-03-31
- 威胁类型: 本地
- 更新时间: 2010-04-06
- 厂 商: piotr_roszatycki
- 漏洞来源: Stephane Chazelas
漏洞简介
Free Software Foundation (FSF) Berkeley DB NSS模块(又名libnss-db)存在本地信息泄露漏洞。在当前工作目录下读取DB_CONFIG文件时,本地用户可以通过symlink攻击获取敏感信息,包括在某块中使用的setgid或setuid应用。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu libnss-db_2.2.3pre1-3ubuntu1.8.10.2_lpia.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu1.8.10.2_lpia.deb
Ubuntu Ubuntu Linux 9.10 sparc
Ubuntu libnss-db_2.2.3pre1-3ubuntu3.9.10.2_sparc.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu3.9.10.2_sparc.deb
Ubuntu Ubuntu Linux 9.04 i386
Ubuntu libnss-db_2.2.3pre1-3ubuntu3.9.04.2_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2 .2.3pre1-3ubuntu3.9.04.2_i386.deb
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu libnss-db_2.2.3pre1-3ubuntu1.8.04.2_powerpc.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu1.8.04.2_powerpc.deb
Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu libnss-db_2.2.3pre1-3ubuntu1.8.10.2_sparc.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu1.8.10.2_sparc.deb
Ubuntu Ubuntu Linux 9.04 lpia
Ubuntu libnss-db_2.2.3pre1-3ubuntu3.9.04.2_lpia.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu3.9.04.2_lpia.deb
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu libnss-db_2.2.3pre1-3ubuntu1.8.10.2_powerpc.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu1.8.10.2_powerpc.deb
Ubuntu Ubuntu Linux 9.10 i386
Ubuntu libnss-db_2.2.3pre1-3ubuntu3.9.10.2_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2 .2.3pre1-3ubuntu3.9.10.2_i386.deb
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu libnss-db_2.2.3pre1-3ubuntu1.8.04.2_sparc.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu1.8.04.2_sparc.deb
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu libnss-db_2.2.3pre1-3ubuntu1.8.10.2_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2 .2.3pre1-3ubuntu1.8.10.2_i386.deb
Ubuntu Ubuntu Linux 9.10 powerpc
Ubuntu libnss-db_2.2.3pre1-3ubuntu3.9.10.2_powerpc.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu3.9.10.2_powerpc.deb
Ubuntu Ubuntu Linux 9.10 amd64
Ubuntu libnss-db_2.2.3pre1-3ubuntu3.9.10.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2 .2.3pre1-3ubuntu3.9.10.2_amd64.deb
Ubuntu Ubuntu Linux 8.04 LTS i386
Ubuntu libnss-db_2.2.3pre1-3ubuntu1.8.04.2_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2 .2.3pre1-3ubuntu1.8.04.2_i386.deb
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu libnss-db_2.2.3pre1-3ubuntu1.8.04.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2 .2.3pre1-3ubuntu1.8.04.2_amd64.deb
Ubuntu Ubuntu Linux 9.10 lpia
Ubuntu libnss-db_2.2.3pre1-3ubuntu3.9.10.2_lpia.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu3.9.10.2_lpia.deb
Ubuntu Ubuntu Linux 9.04 amd64
Ubuntu libnss-db_2.2.3pre1-3ubuntu3.9.04.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2 .2.3pre1-3ubuntu3.9.04.2_amd64.deb
Ubuntu Ubuntu Linux 9.04 sparc
Ubuntu libnss-db_2.2.3pre1-3ubuntu3.9.04.2_sparc.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu3.9.04.2_sparc.deb
Ubuntu Ubuntu Linux 8.10 amd64
Ubuntu libnss-db_2.2.3pre1-3ubuntu1.8.10.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2 .2.3pre1-3ubuntu1.8.10.2_amd64.deb
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu libnss-db_2.2.3pre1-3ubuntu1.8.04.2_lpia.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu1.8.04.2_lpia.deb
Ubuntu Ubuntu Linux 9.04 powerpc
Ubuntu libnss-db_2.2.3pre1-3ubuntu3.9.04.2_powerpc.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu3.9.04.2_powerpc.deb
参考网址
来源: bugs.launchpad.net
链接:https://bugs.launchpad.net/ubuntu/+source/libnss-db/+bug/531976
来源: VUPEN
名称: ADV-2010-0776
链接:http://www.vupen.com/english/advisories/2010/0776
来源: UBUNTU
名称: USN-922-1
链接:http://www.ubuntu.com/usn/USN-922-1
来源: BID
名称: 39132
链接:http://www.securityfocus.com/bid/39132
来源: SECUNIA
名称: 39165
链接:http://secunia.com/advisories/39165
受影响实体
- Piotr_roszatycki Libnss-Db:2.2.3:Pre1
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论