Related Vulnerabilities: CVE-2017-10140  

Severity: Medium

Remote: No

Type: Information disclosure

Description

It was found that Berkeley DB reads the DB_CONFIG configuration file from the current working directory by default. This happens when db_create() is called with dbenv=NULL or when the dbm_open() function is used. For setuid or setgid commands this is a security vulnerability, because excerpts of the file are revealed to the calling user (and maybe more harm could be done with specially crafted DB_CONFIG files).
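One way a setuid or setgid program can keep Berkeley DB from picking up a DB_CONFIG chosen by the calling user is to leave the inherited working directory before the database is opened. The following is an added example, not code from this advisory or from Berkeley DB, Exim or Postfix; the helper name `enter_trusted_db_dir` and its trust policy (owner is root or the effective uid, no group/other write access) are assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed policy: owner is root or our effective uid, no group/other write. */
static int owner_trusted(const struct stat *st) {
    if (st->st_uid != 0 && st->st_uid != geteuid()) return 0;
    return (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Hypothetical helper: leave the caller-chosen cwd for `dir` before
 * db_create() with dbenv=NULL or dbm_open() runs. Returns 0 when `dir` is
 * now the cwd and any DB_CONFIG found there is one the program controls;
 * returns -1 otherwise, in which case the database must not be opened. */
int enter_trusted_db_dir(const char *dir) {
    struct stat st;
    int fd = open(dir, O_RDONLY | O_DIRECTORY);
    if (fd < 0) return -1;
    /* Check and enter the same object through one descriptor (no path race). */
    if (fstat(fd, &st) != 0 || !owner_trusted(&st) || fchdir(fd) != 0) {
        close(fd);
        return -1;
    }
    close(fd);
    if (lstat("DB_CONFIG", &st) != 0)
        return errno == ENOENT ? 0 : -1;   /* no DB_CONFIG here: nothing to read */
    /* A DB_CONFIG exists: accept only a regular file with a trusted owner. */
    return (S_ISREG(st.st_mode) && owner_trusted(&st)) ? 0 : -1;
}

int main(int argc, char **argv) {
    const char *dir = argc > 1 ? argv[1] : "/";
    if (enter_trusted_db_dir(dir) != 0) {
        fprintf(stderr, "refusing to open Berkeley DB from %s\n", dir);
        return EXIT_FAILURE;
    }
    /* The db_create() or dbm_open() call would follow here. */
    return EXIT_SUCCESS;
}
```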

AVG-518 | exim | affected: 4.89-1 | fixed in: 4.89.1-1 | Critical | status: Fixed | FS#56478

30 Nov 2017 | ASA-201711-32 | AVG-518 | exim | Critical | multiple issues

http://seclists.org/oss-sec/2017/q2/452
http://www.postfix.org/announcements/postfix-3.2.2.html
https://git.exim.org/exim.git/commitdiff/98bf975ca462bebeaa1325d72381847c5118ff14