[Bug 531976] Re: libnss_db reads a DB_CONFIG file in the current directory
Jakub Wilk
531976 at bugs.launchpad.net
Fri Mar 30 15:40:08 UTC 2012
** Bug watch added: Debian Bug tracker #577057
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577057
** Also affects: libnss-db (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577057
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libnss-db in Ubuntu.
https://bugs.launchpad.net/bugs/531976
Title:
libnss_db reads a DB_CONFIG file in the current directory
Status in “libnss-db” package in Ubuntu:
Fix Released
Status in “libnss-db” source package in Lucid:
Fix Released
Status in “libnss-db” source package in Dapper:
Won't Fix
Status in “libnss-db” source package in Hardy:
Fix Released
Status in “libnss-db” source package in Intrepid:
Fix Released
Status in “libnss-db” source package in Jaunty:
Fix Released
Status in “libnss-db” source package in Karmic:
Fix Released
Status in “libnss-db” package in Debian:
Unknown
Bug description:
Binary package hint: libnss-db
sudo apt-get install libnss-db
sudo /etc/init.d/nscd stop (in case nscd is installed)
sudo ln -s /etc/shadow DB_CONFIG
$ sudo
line 1: root:*:14553:0:99999:7:::: incorrect name-value pair
[...]
Through libdb (libdb4.6 4.6.21-13ubuntu2 here), libnss_db seems to try
and read a DB_CONFIG file in the current directory (instead of
/var/lib/misc I suppose).
That's a security vulnerability because in the case of setuid or
setgid commands, excerpts of the file are revealed to the calling user
(and maybe more harm could be done with specially crafted DB_CONFIG
files).
ProblemType: Bug
Architecture: amd64
Date: Thu Mar 4 15:42:04 2010
DistroRelease: Ubuntu 9.10
NonfreeKernelModules: wl nvidia
Package: libnss-db 2.2.3pre1-3ubuntu3
ProcEnviron:
SHELL=/bin/zsh
PATH=(custom, user)
LANG=en_GB.UTF-8
ProcVersionSignature: Ubuntu 2.6.31-19.56-generic
SourcePackage: libnss-db
Uname: Linux 2.6.31-19-generic x86_64
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libnss-db/+bug/531976/+subscriptions
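An audit check for the condition this report describes, added here as an example (it is not part of the original report or of libnss-db): it walks a directory tree and lists every entry named DB_CONFIG that lies outside the expected database directory, flagging symlinks whose target is not world-readable. The function names, the result fields and the sample tree are assumptions made for illustration; /var/lib/misc is the directory the reporter supposes should be used.

```python
import os
import stat
import tempfile

EXPECTED_DB_HOME = "/var/lib/misc"  # directory the report supposes should be used

def find_stray_db_config(root, expected_home=EXPECTED_DB_HOME):
    """List entries named DB_CONFIG under root that lie outside expected_home."""
    expected_home = os.path.realpath(expected_home)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        if "DB_CONFIG" not in filenames + dirnames:
            continue
        if os.path.realpath(dirpath) == expected_home:
            continue  # the one place a DB_CONFIG is expected
        path = os.path.join(dirpath, "DB_CONFIG")
        is_link = os.path.islink(path)
        private_target = False
        if is_link:
            try:
                # stat() follows the link: is the target unreadable to "other"?
                private_target = not (os.stat(path).st_mode & stat.S_IROTH)
            except OSError:
                pass  # dangling link, no target to inspect
        findings.append({
            "path": path,
            "symlink_to": os.path.realpath(path) if is_link else None,
            "private_target": private_target,
        })
    return findings

def build_constructed_tree(base):
    """Constructed sample: one legitimate DB_CONFIG and one stray symlink."""
    home = os.path.join(base, "var-lib-misc")  # stand-in for /var/lib/misc
    work = os.path.join(base, "home", "user")
    os.makedirs(home)
    os.makedirs(work)
    secret = os.path.join(base, "shadow-standin")  # stand-in for a private file
    with open(secret, "w") as f:
        f.write("constructed-line\n")
    os.chmod(secret, 0o600)
    open(os.path.join(home, "DB_CONFIG"), "w").close()
    os.symlink(secret, os.path.join(work, "DB_CONFIG"))
    return home, work, secret

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        home, _, _ = build_constructed_tree(base)
        for finding in find_stray_db_config(base, expected_home=home):
            print(finding)
```

A finding with private_target set corresponds to the symlink case shown in the reproduction steps; a regular DB_CONFIG outside the expected directory is reported as well, with symlink_to left empty.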