CVE-2017-10140

Published: 16/04/2018 Updated: 15/07/2020
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 410
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Postfix prior to 2.11.10, 3.0.x prior to 3.0.10, 3.1.x prior to 3.1.6, and 3.2.x prior to 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.

Vulnerable Product

postfix / postfix

Vendor Advisories

Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat JBoss Core Services Pack Apache Server 2.4.29 Service Pack 1 packages for Microsoft Windows and Oracle Solaris are now available. Red Hat Product Security has ...
Debian Bug report logs - #872436 db5.3: CVE-2017-10140: Berkeley DB reads DB_CONFIG from cwd. Package: src:db5.3; Maintainer for src:db5.3 is Debian Berkeley DB Team <team+bdb@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 17 Aug 2017 12:18:02 UTC; Severity: grave; Tags: patch, sec ...
Berkeley DB could be made to expose sensitive information ...
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory (CVE-2017-10140) ...
It was found that Berkeley DB reads the DB_CONFIG configuration file from the current working directory by default. This happens when calling db_create() with dbenv=NULL, or when using the dbm_open() function. This behavior leads to a security vulnerability because, in the case of setuid or setgid commands, excerpts of the file are revealed to the callin ...