Bug 580187 (CVE-2010-0826) - CVE-2010-0826 nss_db: Information leak due the DB_CONFIG file read from current working directory
Summary: CVE-2010-0826 nss_db: Information leak due the DB_CONFIG file read from curre...
Status: CLOSED ERRATA
Alias: CVE-2010-0826
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: https://bugs.launchpad.net/ubuntu/+so...
Whiteboard: impact=moderate,source=redhat,reporte...
Keywords: Security
Depends On: 580191 580192 580539 580540 580541 580542 580543 833945
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-04-07 16:52 UTC by Jan Lieskovsky
Modified: 2019-06-08 12:58 UTC (History)
1 user (show)

(edit)
Clone Of:
(edit)
Last Closed: 2010-06-25 09:53:56 UTC


Attachments (Terms of Use)
Local extracted copy of "200-set-db-environment.dpatch" (7.79 KB, patch)
2010-04-07 16:59 UTC, Jan Lieskovsky
no flags Details | Diff
Ubuntu patch (7.02 KB, patch)
2010-04-09 06:39 UTC, Tomas Hoger
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0347 normal SHIPPED_LIVE Moderate: nss_db security update 2010-04-13 21:21:03 UTC

Description Jan Lieskovsky 2010-04-07 16:52:05 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0826 to
the following vulnerability:

The Free Software Foundation (FSF) Berkeley DB NSS module (aka
libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working
directory, which allows local users to obtain sensitive information
via a symlink attack involving a setgid or setuid application that
uses this module.

References:
  [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0826
  [2] https://bugs.launchpad.net/ubuntu/+source/libnss-db/+bug/531976
  [3] http://www.ubuntu.com/usn/USN-922-1
  [4] http://www.securityfocus.com/bid/39132
  [5] http://secunia.com/advisories/39165
  [6] http://www.vupen.com/english/advisories/2010/0776

Patch applied by Ubuntu Linux vendor:
  [7] http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2
.3pre1-3ubuntu1.8.04.2.diff.gz

Comment 1 Jan Lieskovsky 2010-04-07 16:59:58 UTC
Created attachment 405029 [details]
Local extracted copy of "200-set-db-environment.dpatch"

Comment 2 Jan Lieskovsky 2010-04-07 17:02:24 UTC
This issue affects the versions of the nss_db package,
as shipped with Red Hat Enterprise Linux 3, 4, and 5.

This issue affects the versions of the nss_db package,
as shipped with Fedora release of 11 and 12.

Comment 5 Fedora Update System 2010-04-07 18:17:05 UTC
nss_db-2.2-47.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/nss_db-2.2-47.fc12

Comment 6 Fedora Update System 2010-04-07 18:17:11 UTC
nss_db-2.2-46.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/nss_db-2.2-46.fc11

Comment 7 Fedora Update System 2010-04-07 18:17:17 UTC
nss_db-2.2.3-0.3.pre1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/nss_db-2.2.3-0.3.pre1.fc13

Comment 10 Fedora Update System 2010-04-09 04:02:34 UTC
nss_db-2.2.3-0.3.pre1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Tomas Hoger 2010-04-09 06:39:55 UTC
Created attachment 405473 [details]
Ubuntu patch

Same thing as comment #1, just throw away unneeded dpatch wrapper and only leave the real patch.

Comment 12 Tomas Hoger 2010-04-12 15:59:46 UTC
(In reply to comment #2)
> This issue affects the versions of the nss_db package,
> as shipped with Red Hat Enterprise Linux 3, 4, and 5.

Further investigation of this issue showed that nss_db packages in Red Hat Enterprise Linux 3 and 4 are not affected, as Berkeley DB versions they use do not attempt to use current working directory as a path to database environment.

In Red Hat Enterprise Linux 5, current working directory is used as database environment, which causes nss_db to attempt to use certain files (such as DB_CONFIG or __db.*) from current working directory of the program.

Comment 13 errata-xmlrpc 2010-04-13 21:21:07 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0347 https://rhn.redhat.com/errata/RHSA-2010-0347.html

Comment 14 Fedora Update System 2010-05-06 03:41:27 UTC
nss_db-2.2-47.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Fedora Update System 2010-05-06 03:45:30 UTC
nss_db-2.2-46.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.