Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0826 to the following vulnerability:

The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0826
[2] https://bugs.launchpad.net/ubuntu/+source/libnss-db/+bug/531976
[3] http://www.ubuntu.com/usn/USN-922-1
[4] http://www.securityfocus.com/bid/39132
[5] http://secunia.com/advisories/39165
[6] http://www.vupen.com/english/advisories/2010/0776

Patch applied by Ubuntu Linux vendor:
[7] http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2.diff.gz
Created attachment 405029 [details] Local extracted copy of "200-set-db-environment.dpatch"
This issue affects the versions of the nss_db package, as shipped with Red Hat Enterprise Linux 3, 4, and 5. This issue affects the versions of the nss_db package, as shipped with Fedora release of 11 and 12.
nss_db-2.2-47.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/nss_db-2.2-47.fc12
nss_db-2.2-46.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/nss_db-2.2-46.fc11
nss_db-2.2.3-0.3.pre1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/nss_db-2.2.3-0.3.pre1.fc13
nss_db-2.2.3-0.3.pre1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
Created attachment 405473 [details]
Ubuntu patch

Same thing as comment #1, just throw away unneeded dpatch wrapper and only leave the real patch.
(In reply to comment #2)
> This issue affects the versions of the nss_db package,
> as shipped with Red Hat Enterprise Linux 3, 4, and 5.

Further investigation of this issue showed that nss_db packages in Red Hat Enterprise Linux 3 and 4 are not affected, as Berkeley DB versions they use do not attempt to use current working directory as a path to database environment. In Red Hat Enterprise Linux 5, current working directory is used as database environment, which causes nss_db to attempt to use certain files (such as DB_CONFIG or __db.*) from current working directory of the program.
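
An added example, not part of the original bug thread and not the nss_db or Ubuntu patch code: a read-only audit that walks a directory tree looking for the files named in the comment above (DB_CONFIG and __db.*) and reports symlinks and non-root-owned copies without ever following them. The function names, the "suspicious" rule and the demo symlink target are assumptions made for illustration.

```python
import fnmatch
import os
import stat
import tempfile

# File names the report says are picked up from the working directory.
PATTERNS = ("DB_CONFIG", "__db.*")

def audit_dir(path):
    """Return findings for Berkeley DB environment files directly inside path.

    Only lstat()/readlink() are used, so a planted symlink is reported, never followed.
    """
    findings = []
    try:
        world_writable = bool(os.stat(path).st_mode & stat.S_IWOTH)
        names = sorted(os.listdir(path))
    except OSError:
        return findings  # unreadable or vanished directory: nothing to report
    for name in names:
        if not any(fnmatch.fnmatchcase(name, p) for p in PATTERNS):
            continue
        full = os.path.join(path, name)
        try:
            st = os.lstat(full)
            target = os.readlink(full) if stat.S_ISLNK(st.st_mode) else None
        except OSError:
            continue  # entry disappeared between listdir() and lstat()
        findings.append({
            "path": full,
            "owner_uid": st.st_uid,
            "symlink_target": target,
            "dir_world_writable": world_writable,
            # Assumed triage rule: a symlink, or a copy not owned by root.
            "suspicious": target is not None or st.st_uid != 0,
        })
    return findings

def audit_tree(root):
    """Audit every directory under root without descending through symlinks."""
    results = []
    for dirpath, _dirs, _files in os.walk(root, followlinks=False):
        results.extend(audit_dir(dirpath))
    return results

if __name__ == "__main__":
    # Constructed demo: a temporary directory holding a DB_CONFIG symlink.
    with tempfile.TemporaryDirectory() as demo:
        os.symlink("/nonexistent/constructed-target", os.path.join(demo, "DB_CONFIG"))
        for finding in audit_tree(demo):
            print(finding)
```
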
This issue has been addressed in following products:

Red Hat Enterprise Linux 5

Via RHSA-2010:0347 https://rhn.redhat.com/errata/RHSA-2010-0347.html
nss_db-2.2-47.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
nss_db-2.2-46.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.