[Bug 531976] Re: libnss_db reads a DB_CONFIG file in the current directory

Jakub Wilk 531976 at bugs.launchpad.net
Fri Mar 30 15:40:08 UTC 2012


** Bug watch added: Debian Bug tracker #577057
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577057

** Also affects: libnss-db (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577057
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libnss-db in Ubuntu.
https://bugs.launchpad.net/bugs/531976

Title:
  libnss_db reads a DB_CONFIG file in the current directory

Status in “libnss-db” package in Ubuntu:
  Fix Released
Status in “libnss-db” source package in Lucid:
  Fix Released
Status in “libnss-db” source package in Dapper:
  Won't Fix
Status in “libnss-db” source package in Hardy:
  Fix Released
Status in “libnss-db” source package in Intrepid:
  Fix Released
Status in “libnss-db” source package in Jaunty:
  Fix Released
Status in “libnss-db” source package in Karmic:
  Fix Released
Status in “libnss-db” package in Debian:
  Unknown

Bug description:
  Binary package hint: libnss-db

  sudo apt-get install libnss-db
  sudo /etc/init.d/nscd stop (in case nscd is installed)
  sudo ln -s /etc/shadow DB_CONFIG
  $ sudo
  line 1: root:*:14553:0:99999:7:::: incorrect name-value pair
  [...]

  Through libdb (libdb4.6 4.6.21-13ubuntu2 here), libnss_db seems to try
  and read a DB_CONFIG file in the current directory (instead of
  /var/lib/misc I suppose).

  That's a security vulnerability because in the case of setuid or
  setgid commands, excerpts of the file are revealed to the calling user
  (and maybe more harm could be done with specially crafted DB_CONFIG
  files).

  ProblemType: Bug
  Architecture: amd64
  Date: Thu Mar  4 15:42:04 2010
  DistroRelease: Ubuntu 9.10
  NonfreeKernelModules: wl nvidia
  Package: libnss-db 2.2.3pre1-3ubuntu3
  ProcEnviron:
   SHELL=/bin/zsh
   PATH=(custom, user)
   LANG=en_GB.UTF-8
  ProcVersionSignature: Ubuntu 2.6.31-19.56-generic
  SourcePackage: libnss-db
  Uname: Linux 2.6.31-19-generic x86_64

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libnss-db/+bug/531976/+subscriptions
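
An added audit sketch, not part of the original report or of libnss-db: it lists DB_CONFIG files under the given directories and flags symlinked ones (the pattern in the reproduction above) and ones sitting in world-writable directories. The function name `audit_db_config` and the output labels are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the bug report): look for DB_CONFIG files that a
# setuid/setgid program using an unpatched libnss_db could pick up from its
# current directory.
#
# Output, one line per hit (labels are this example's own):
#   SYMLINK <path> -> <target>   DB_CONFIG is a symlink, as in the report
#   WRITABLE_DIR <path>          regular file in a world-writable directory
#   REVIEW <path>                regular file elsewhere; confirm it is expected
#
# Limitation: path names containing newlines are not handled.
audit_db_config() {
    find "$@" -xdev -name DB_CONFIG \( -type f -o -type l \) 2>/dev/null |
    while IFS= read -r path; do
        dir=$(dirname "$path")
        if [ -L "$path" ]; then
            # A symlink lets the parser be pointed at any file the
            # privileged process can read.
            printf 'SYMLINK %s -> %s\n' "$path" "$(readlink "$path")"
        elif [ -n "$(find "$dir" -prune -perm -0002 2>/dev/null)" ]; then
            # Any local user could have planted the file here.
            printf 'WRITABLE_DIR %s\n' "$path"
        else
            printf 'REVIEW %s\n' "$path"
        fi
    done
}

# Run directly as: sh audit_db_config.sh /home /tmp /var/tmp
if [ "$#" -gt 0 ]; then
    audit_db_config "$@"
fi
```
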



