Launchpad.net

CVE 2010-0826

The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module.

Related bugs and status

CVE-2010-0826 (Candidate) is related to these bugs:

Bug #531976: libnss_db reads a DB_CONFIG file in the current directory

		In	Importance	Status
531976	libnss_db reads a DB_CONFIG file in the current directory	libnss-db (Ubuntu)	Medium	Fix Released
531976	libnss_db reads a DB_CONFIG file in the current directory	libnss-db (Ubuntu Hardy)	Medium	Fix Released
531976	libnss_db reads a DB_CONFIG file in the current directory	libnss-db (Ubuntu Lucid)	Medium	Fix Released
531976	libnss_db reads a DB_CONFIG file in the current directory	libnss-db (Ubuntu Jaunty)	Medium	Fix Released
531976	libnss_db reads a DB_CONFIG file in the current directory	libnss-db (Ubuntu Dapper)	Medium	Won't Fix
531976	libnss_db reads a DB_CONFIG file in the current directory	libnss-db (Ubuntu Intrepid)	Medium	Fix Released
531976	libnss_db reads a DB_CONFIG file in the current directory	libnss-db (Ubuntu Karmic)	Medium	Fix Released
531976	libnss_db reads a DB_CONFIG file in the current directory	libnss-db (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-0826

Related bugs and status

Related bugs

References