libnss_db reads a DB_CONFIG file in the current directory
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
libnss-db (Debian) | Fix Released | Unknown | | |
libnss-db (Ubuntu) | Fix Released | Medium | Kees Cook | |
Dapper | Won't Fix | Medium | Unassigned | |
Hardy | Fix Released | Medium | Kees Cook | |
Intrepid | Fix Released | Medium | Kees Cook | |
Jaunty | Fix Released | Medium | Kees Cook | |
Karmic | Fix Released | Medium | Kees Cook | |
Lucid | Fix Released | Medium | Kees Cook | |
Bug Description
Binary package hint: libnss-db
sudo apt-get install libnss-db
sudo /etc/init.d/nscd stop (in case nscd is installed)
sudo ln -s /etc/shadow DB_CONFIG
$ sudo
line 1: root:*:
[...]
Through libdb (libdb4.6 4.6.21-13ubuntu2 here), libnss_db seems to try and read a DB_CONFIG file in the current directory (instead of /var/lib/misc I suppose).
That's a security vulnerability because in the case of setuid or setgid commands, excerpts of the file are revealed to the calling user (and maybe more harm could be done with specially crafted DB_CONFIG files).
ProblemType: Bug
Architecture: amd64
Date: Thu Mar 4 15:42:04 2010
DistroRelease: Ubuntu 9.10
NonfreeKernelMo
Package: libnss-db 2.2.3pre1-3ubuntu3
ProcEnviron:
SHELL=/bin/zsh
PATH=(custom, user)
LANG=en_GB.UTF-8
ProcVersionSign
SourcePackage: libnss-db
Uname: Linux 2.6.31-19-generic x86_64
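A defensive check for the condition this report describes, as an added example (not part of the original report or of libnss-db): it walks a directory tree and flags DB_CONFIG entries outside the expected database directory, singling out symlinks whose target is not world-readable. The names `audit_db_config` and `EXPECTED_DIR` and the sample tree built by `demo` are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Assumption: the directory the report supposes libnss_db should read from.
EXPECTED_DIR = "/var/lib/misc"

def audit_db_config(root, expected_dir=EXPECTED_DIR):
    """Return sorted (path, kind, target) for each DB_CONFIG under root that
    lies outside expected_dir. kind: 'symlink-restricted' (target is not
    world-readable), 'symlink' (any other link), or 'regular'."""
    expected = os.path.realpath(expected_dir)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        if "DB_CONFIG" not in filenames + dirnames:
            continue
        if os.path.realpath(dirpath) == expected:
            continue
        path = os.path.join(dirpath, "DB_CONFIG")
        if not stat.S_ISLNK(os.lstat(path).st_mode):
            findings.append((path, "regular", None))
            continue
        target = os.path.realpath(path)
        try:
            restricted = not os.stat(target).st_mode & stat.S_IROTH
        except OSError:  # dangling link: nothing to disclose yet
            restricted = False
        kind = "symlink-restricted" if restricted else "symlink"
        findings.append((path, kind, target))
    return sorted(findings, key=lambda f: f[0])

def demo():
    """Build a constructed sample tree and return {subdirectory: kind}."""
    with tempfile.TemporaryDirectory() as root:
        secret = os.path.join(root, "secret")
        public = os.path.join(root, "public")
        for name, mode in ((secret, 0o600), (public, 0o644)):
            with open(name, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(name, mode)
        for sub, target in (("a", secret), ("b", public), ("c", None), ("d", None)):
            os.mkdir(os.path.join(root, sub))
            entry = os.path.join(root, sub, "DB_CONFIG")
            if target:
                os.symlink(target, entry)
            elif sub == "c":
                open(entry, "w").close()
        return {os.path.basename(os.path.dirname(p)): k
                for p, k, _ in audit_db_config(root)}
```

A `symlink-restricted` finding in a directory from which setuid or setgid commands are run deserves attention first, since that is the arrangement the report shows leaking file contents.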
summary: |
- libnss_sb reads a DB_CONFIG file in th current directory
+ libnss_db reads a DB_CONFIG file in the current directory |
Changed in libnss-db (Ubuntu Lucid): | |
assignee: | nobody → Kees Cook (kees) |
Changed in libnss-db (Ubuntu Jaunty): | |
assignee: | nobody → Kees Cook (kees) |
Changed in libnss-db (Ubuntu Karmic): | |
assignee: | nobody → Kees Cook (kees) |
Changed in libnss-db (Ubuntu Intrepid): | |
assignee: | nobody → Kees Cook (kees) |
Changed in libnss-db (Ubuntu Hardy): | |
assignee: | nobody → Kees Cook (kees) |
Changed in libnss-db (Ubuntu Karmic): | |
importance: | Undecided → Medium |
Changed in libnss-db (Ubuntu Jaunty): | |
importance: | Undecided → Medium |
Changed in libnss-db (Ubuntu Intrepid): | |
importance: | Undecided → Medium |
Changed in libnss-db (Ubuntu Hardy): | |
importance: | Undecided → Medium |
Changed in libnss-db (Ubuntu Dapper): | |
importance: | Undecided → Medium |
status: | New → Confirmed |
Changed in libnss-db (Ubuntu Hardy): | |
status: | New → Confirmed |
Changed in libnss-db (Ubuntu Intrepid): | |
status: | New → Confirmed |
Changed in libnss-db (Ubuntu Jaunty): | |
status: | New → Confirmed |
Changed in libnss-db (Ubuntu Karmic): | |
status: | New → Confirmed |
visibility: | private → public |
Changed in libnss-db (Ubuntu Dapper): | |
status: | Confirmed → Won't Fix |
Changed in libnss-db (Debian): | |
status: | Unknown → Fix Released |