PT-2017-11133 · Oracle+3 · Berkeley Db+3

Publicado

2017-08-14

Atualizado

2020-12-19

CVE-2017-10140

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Postfix versions prior to 2.11.10 Postfix versions 3.0.x prior to 3.0.10 Postfix versions 3.1.x prior to 3.1.6 Postfix versions 3.2.x prior to 3.2.2

Description The issue allows local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB CONFIG in the current directory.

Recommendations For Postfix versions prior to 2.11.10, update to version 2.11.10 or later. For Postfix versions 3.0.x prior to 3.0.10, update to version 3.0.10 or later. For Postfix versions 3.1.x prior to 3.1.6, update to version 3.1.6 or later. For Postfix versions 3.2.x prior to 3.2.2, update to version 3.2.2 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

ALT-PU-2018-1346

ALT-PU-2020-3538

CVE-2017-10140

DLA-1135-1

DLA-1136-1

DLA-1137-1

MGASA-2017-0380

USN-3489-1

USN-3489-2

Produtos afetados

Alt Linux

Berkeley Db

Postfix

Ubuntu

PT-2017-11133 · Oracle+3 · Berkeley Db+3

CVE-2017-10140

Identificadores relacionados

Produtos afetados

Referências · 19