Vulnerabilities > CVE-2017-10140 - Unspecified vulnerability in Postfix
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.
Vulnerable Configurations
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1137.NASL description It was found that the Berkeley DB reads DB_CONFIG from the current working directory, leading to information leak by tricking privileged processes into reading arbitrary files. For Debian 7 last seen 2020-03-17 modified 2017-10-19 plugin id 103949 published 2017-10-19 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103949 title Debian DLA-1137-1 : db4.7 security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-1137-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(103949); script_version("3.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2017-10140"); script_name(english:"Debian DLA-1137-1 : db4.7 security update"); script_summary(english:"Checks dpkg output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "It was found that the Berkeley DB reads DB_CONFIG from the current working directory, leading to information leak by tricking privileged processes into reading arbitrary files. For Debian 7 'Wheezy', these problems have been fixed in version 4.7.25-21+deb7u1. We recommend that you upgrade your db4.7 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2017/10/msg00015.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/db4.7" ); script_set_attribute( attribute:"solution", value:"Upgrade the affected db4.7-util package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:db4.7-util"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2017/10/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"db4.7-util", reference:"4.7.25-21+deb7u1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1135.NASL description It was found that the Berkeley DB reads DB_CONFIG from the current working directory, leading to information leak by tricking privileged processes into reading arbitrary files. For Debian 7 last seen 2020-03-17 modified 2017-10-19 plugin id 103947 published 2017-10-19 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103947 title Debian DLA-1135-1 : db security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-1135-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(103947); script_version("3.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2017-10140"); script_name(english:"Debian DLA-1135-1 : db security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "It was found that the Berkeley DB reads DB_CONFIG from the current working directory, leading to information leak by tricking privileged processes into reading arbitrary files. For Debian 7 'Wheezy', these problems have been fixed in version 5.1.29-5+deb7u1. We recommend that you upgrade your db packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2017/10/msg00013.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/db" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:db5.1-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:db5.1-sql-util"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:db5.1-util"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdb5.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdb5.1++"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdb5.1++-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdb5.1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdb5.1-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdb5.1-java"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdb5.1-java-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdb5.1-java-gcj"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdb5.1-java-jni"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdb5.1-sql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdb5.1-sql-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdb5.1-stl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdb5.1-stl-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdb5.1-tcl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2017/10/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"db5.1-doc", reference:"5.1.29-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"db5.1-sql-util", reference:"5.1.29-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"db5.1-util", reference:"5.1.29-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libdb5.1", reference:"5.1.29-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libdb5.1++", reference:"5.1.29-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libdb5.1++-dev", reference:"5.1.29-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libdb5.1-dbg", reference:"5.1.29-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libdb5.1-dev", reference:"5.1.29-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libdb5.1-java", reference:"5.1.29-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libdb5.1-java-dev", reference:"5.1.29-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libdb5.1-java-gcj", reference:"5.1.29-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libdb5.1-java-jni", reference:"5.1.29-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libdb5.1-sql", reference:"5.1.29-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libdb5.1-sql-dev", reference:"5.1.29-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libdb5.1-stl", reference:"5.1.29-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libdb5.1-stl-dev", reference:"5.1.29-5+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libdb5.1-tcl", reference:"5.1.29-5+deb7u1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1974.NASL description According to the version of the libdb packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.(CVE-2017-10140) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-09-23 plugin id 129131 published 2019-09-23 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129131 title EulerOS 2.0 SP5 : libdb (EulerOS-SA-2019-1974) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3489-1.NASL description It was discovered that Berkeley DB incorrectly handled certain configuration files. An attacker could possibly use this issue to read sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 104739 published 2017-11-22 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104739 title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : db5.3 vulnerability (USN-3489-1) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2017-004.NASL description The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - 802.1X - apache - AppleScript - ATS - Audio - CFString - CoreText - curl - Dictionary Widget - file - Fonts - fsck_msdos - HFS - Heimdal - HelpViewer - ImageIO - Kernel - libarchive - Open Scripting Architecture - PCRE - Postfix - Quick Look - QuickTime - Remote Management - Sandbox - StreamingZip - tcpdump - Wi-Fi last seen 2020-06-01 modified 2020-06-02 plugin id 104379 published 2017-11-03 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104379 title macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004) NASL family MacOS X Local Security Checks NASL id MACOS_10_13.NASL description The remote host is running a version of Mac OS X that is prior to 10.10.5, 10.11.x prior to 10.11.6, 10.12.x prior to 10.12.6, or is not macOS 10.13. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - AppSandbox - AppleScript - Application Firewall - ATS - Audio - CFNetwork - CFNetwork Proxies - CFString - Captive Network Assistant - CoreAudio - CoreText - DesktopServices - Directory Utility - file - Fonts - fsck_msdos - HFS - Heimdal - HelpViewer - IOFireWireFamily - ImageIO - Installer - Kernel - kext tools - libarchive - libc - libexpat - Mail - Mail Drafts - ntp - Open Scripting Architecture - PCRE - Postfix - Quick Look - QuickTime - Remote Management - SQLite - Sandbox - Screen Lock - Security - Spotlight - WebKit - zlib Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 103598 published 2017-10-03 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/103598 title macOS < 10.13 Multiple Vulnerabilities NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1535.NASL description According to the version of the libdb packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.(CVE-2017-10140) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2020-05-01 plugin id 136238 published 2020-05-01 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136238 title EulerOS Virtualization for ARM 64 3.0.2.0 : libdb (EulerOS-SA-2020-1535) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1205.NASL description According to the version of the postfix packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.(CVE-2017-10140) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2018-07-03 plugin id 110869 published 2018-07-03 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110869 title EulerOS 2.0 SP3 : postfix (EulerOS-SA-2018-1205) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1136.NASL description It was found that the Berkeley DB reads DB_CONFIG from the current working directory, leading to information leak by tricking privileged processes into reading arbitrary files. For Debian 7 last seen 2020-03-17 modified 2017-10-19 plugin id 103948 published 2017-10-19 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103948 title Debian DLA-1136-1 : db4.8 security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1204.NASL description According to the version of the postfix packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.(CVE-2017-10140) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2018-07-03 plugin id 110868 published 2018-07-03 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110868 title EulerOS 2.0 SP2 : postfix (EulerOS-SA-2018-1204)
Redhat
advisories |
|
References
- http://seclists.org/oss-sec/2017/q3/285
- http://seclists.org/oss-sec/2017/q3/285
- http://www.postfix.org/announcements/postfix-3.2.2.html
- http://www.postfix.org/announcements/postfix-3.2.2.html
- https://access.redhat.com/errata/RHSA-2019:0366
- https://access.redhat.com/errata/RHSA-2019:0366
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html