PT-2010-2552 · Oracle+1 · Libnss-Db+1

Stephane Chazelas · Published 2010-04-05 · Updated 2017-09-19 · CVE-2010-0826

CVSS v2.0

1.9

Low

Vector

AV:L/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

libnss-db version 2.2.3pre1

Description

The issue allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses the libnss-db module. This occurs because the module reads the DB_CONFIG file in the current working directory.

Recommendations

For libnss-db version 2.2.3pre1, consider restricting access to the DB_CONFIG file to prevent unauthorized reading of sensitive information. As a temporary workaround, avoid using setgid or setuid applications that utilize the libnss-db module in environments where the DB_CONFIG file could be accessed by unauthorized users.

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2010-0826
RHSA-2010:0347
RHSA-2010_0347

Affected products

Red Hat
Libnss-Db