GNU libnss_db Local Information Disclosure Vulnerability
BID:39132
Info
GNU libnss_db Local Information Disclosure Vulnerability
| Bugtraq ID: | 39132 |
| Class: | Unknown |
| CVE: |
CVE-2010-0826 |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 31 2010 12:00AM |
| Updated: | Apr 16 2015 05:45PM |
| Credit: | Stephane Chazelas |
| Vulnerable: |
VMWare ESX 4.1 VMWare ESX 4.0 Ubuntu Ubuntu Linux 9.10 sparc Ubuntu Ubuntu Linux 9.10 powerpc Ubuntu Ubuntu Linux 9.10 lpia Ubuntu Ubuntu Linux 9.10 i386 Ubuntu Ubuntu Linux 9.10 amd64 Ubuntu Ubuntu Linux 9.04 sparc Ubuntu Ubuntu Linux 9.04 powerpc Ubuntu Ubuntu Linux 9.04 lpia Ubuntu Ubuntu Linux 9.04 i386 Ubuntu Ubuntu Linux 9.04 amd64 Ubuntu Ubuntu Linux 8.10 sparc Ubuntu Ubuntu Linux 8.10 powerpc Ubuntu Ubuntu Linux 8.10 lpia Ubuntu Ubuntu Linux 8.10 i386 Ubuntu Ubuntu Linux 8.10 amd64 Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux 5 Server Mandriva Linux Mandrake 2010.0 x86_64 Mandriva Linux Mandrake 2010.0 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 GNU libnss_db 2.2.3 Avaya IQ 5 |
| Not Vulnerable: | |
Discussion
GNU libnss_db Local Information Disclosure Vulnerability
The GNU 'libnss_db' library is prone to a local information-disclosure vulnerability.
Local attackers can exploit this issue to read the first line of arbitrary local files. This may lead to further attacks.
libnss_db 2.2.3 is vulnerable; other versions may also be affected.
The GNU 'libnss_db' library is prone to a local information-disclosure vulnerability.
Local attackers can exploit this issue to read the first line of arbitrary local files. This may lead to further attacks.
libnss_db 2.2.3 is vulnerable; other versions may also be affected.
Exploit / POC
GNU libnss_db Local Information Disclosure Vulnerability
Local attackers can use standard tools to exploit this issue.
Local attackers can use standard tools to exploit this issue.
Solution / Fix
GNU libnss_db Local Information Disclosure Vulnerability
Solution:
Updates are available. Please see the references for more information.
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu Ubuntu Linux 9.10 sparc
Mandriva Linux Mandrake 2010.0 x86_64
Ubuntu Ubuntu Linux 9.04 i386
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu Ubuntu Linux 9.04 lpia
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu Ubuntu Linux 9.10 i386
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu Ubuntu Linux 8.10 i386
MandrakeSoft Enterprise Server 5 x86_64
Ubuntu Ubuntu Linux 9.10 powerpc
Ubuntu Ubuntu Linux 9.10 amd64
Ubuntu Ubuntu Linux 8.04 LTS i386
Ubuntu Ubuntu Linux 8.04 LTS amd64
MandrakeSoft Enterprise Server 5
Ubuntu Ubuntu Linux 9.10 lpia
Ubuntu Ubuntu Linux 9.04 amd64
Ubuntu Ubuntu Linux 9.04 sparc
Ubuntu Ubuntu Linux 8.10 amd64
Mandriva Linux Mandrake 2010.0
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu Ubuntu Linux 9.04 powerpc
Solution:
Updates are available. Please see the references for more information.
Ubuntu Ubuntu Linux 8.10 lpia
-
Ubuntu libnss-db_2.2.3pre1-3ubuntu1.8.10.2_lpia.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu1.8.10.2_lpia.deb
Ubuntu Ubuntu Linux 9.10 sparc
-
Ubuntu libnss-db_2.2.3pre1-3ubuntu3.9.10.2_sparc.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu3.9.10.2_sparc.deb
Mandriva Linux Mandrake 2010.0 x86_64
-
Mandriva nss_db-2.2.3-0.pre1.6.1mdv2010.0.x86_64.rpm
http://www.mandriva.com/en/download/
Ubuntu Ubuntu Linux 9.04 i386
-
Ubuntu libnss-db_2.2.3pre1-3ubuntu3.9.04.2_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2 .2.3pre1-3ubuntu3.9.04.2_i386.deb
Ubuntu Ubuntu Linux 8.04 LTS powerpc
-
Ubuntu libnss-db_2.2.3pre1-3ubuntu1.8.04.2_powerpc.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu1.8.04.2_powerpc.deb
Ubuntu Ubuntu Linux 8.10 sparc
-
Ubuntu libnss-db_2.2.3pre1-3ubuntu1.8.10.2_sparc.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu1.8.10.2_sparc.deb
Ubuntu Ubuntu Linux 9.04 lpia
-
Ubuntu libnss-db_2.2.3pre1-3ubuntu3.9.04.2_lpia.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu3.9.04.2_lpia.deb
Ubuntu Ubuntu Linux 8.10 powerpc
-
Ubuntu libnss-db_2.2.3pre1-3ubuntu1.8.10.2_powerpc.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu1.8.10.2_powerpc.deb
Ubuntu Ubuntu Linux 9.10 i386
-
Ubuntu libnss-db_2.2.3pre1-3ubuntu3.9.10.2_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2 .2.3pre1-3ubuntu3.9.10.2_i386.deb
Ubuntu Ubuntu Linux 8.04 LTS sparc
-
Ubuntu libnss-db_2.2.3pre1-3ubuntu1.8.04.2_sparc.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu1.8.04.2_sparc.deb
Ubuntu Ubuntu Linux 8.10 i386
-
Ubuntu libnss-db_2.2.3pre1-3ubuntu1.8.10.2_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2 .2.3pre1-3ubuntu1.8.10.2_i386.deb
MandrakeSoft Enterprise Server 5 x86_64
-
Mandriva nss_db-2.2.3-0.pre1.4.1mdvmes5.1.x86_64.rpm
http://www.mandriva.com/en/download/
Ubuntu Ubuntu Linux 9.10 powerpc
-
Ubuntu libnss-db_2.2.3pre1-3ubuntu3.9.10.2_powerpc.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu3.9.10.2_powerpc.deb
Ubuntu Ubuntu Linux 9.10 amd64
-
Ubuntu libnss-db_2.2.3pre1-3ubuntu3.9.10.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2 .2.3pre1-3ubuntu3.9.10.2_amd64.deb
Ubuntu Ubuntu Linux 8.04 LTS i386
-
Ubuntu libnss-db_2.2.3pre1-3ubuntu1.8.04.2_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2 .2.3pre1-3ubuntu1.8.04.2_i386.deb
Ubuntu Ubuntu Linux 8.04 LTS amd64
-
Ubuntu libnss-db_2.2.3pre1-3ubuntu1.8.04.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2 .2.3pre1-3ubuntu1.8.04.2_amd64.deb
MandrakeSoft Enterprise Server 5
-
Mandriva nss_db-2.2.3-0.pre1.4.1mdvmes5.1.i586.rpm
http://www.mandriva.com/en/download/
Ubuntu Ubuntu Linux 9.10 lpia
-
Ubuntu libnss-db_2.2.3pre1-3ubuntu3.9.10.2_lpia.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu3.9.10.2_lpia.deb
Ubuntu Ubuntu Linux 9.04 amd64
-
Ubuntu libnss-db_2.2.3pre1-3ubuntu3.9.04.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2 .2.3pre1-3ubuntu3.9.04.2_amd64.deb
Ubuntu Ubuntu Linux 9.04 sparc
-
Ubuntu libnss-db_2.2.3pre1-3ubuntu3.9.04.2_sparc.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu3.9.04.2_sparc.deb
Ubuntu Ubuntu Linux 8.10 amd64
-
Ubuntu libnss-db_2.2.3pre1-3ubuntu1.8.10.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2 .2.3pre1-3ubuntu1.8.10.2_amd64.deb
Mandriva Linux Mandrake 2010.0
-
Mandriva nss_db-2.2.3-0.pre1.6.1mdv2010.0.i586.rpm
http://www.mandriva.com/en/download/
Ubuntu Ubuntu Linux 8.04 LTS lpia
-
Ubuntu libnss-db_2.2.3pre1-3ubuntu1.8.04.2_lpia.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu1.8.04.2_lpia.deb
Ubuntu Ubuntu Linux 9.04 powerpc
-
Ubuntu libnss-db_2.2.3pre1-3ubuntu3.9.04.2_powerpc.deb
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3 ubuntu3.9.04.2_powerpc.deb
References
GNU libnss_db Local Information Disclosure Vulnerability
References:
References: