PT-2017-11133 · Oracle+3 · Berkeley Db+3

Published: 2017-08-14 · Updated: 2020-12-19 · CVE-2017-10140

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Postfix versions prior to 2.11.10
Postfix versions 3.0.x prior to 3.0.10
Postfix versions 3.1.x prior to 3.1.6
Postfix versions 3.2.x prior to 3.2.2

Description

The issue allows local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.

Recommendations

For Postfix versions prior to 2.11.10, update to version 2.11.10 or later.
For Postfix versions 3.0.x prior to 3.0.10, update to version 3.0.10 or later.
For Postfix versions 3.1.x prior to 3.1.6, update to version 3.1.6 or later.
For Postfix versions 3.2.x prior to 3.2.2, update to version 3.2.2 or later.

Related Identifiers

ALT-PU-2018-1346
ALT-PU-2020-3538
CVE-2017-10140
DLA-1135-1
DLA-1136-1
DLA-1137-1
MGASA-2017-0380
USN-3489-1
USN-3489-2

Affected Products

Alt Linux
Berkeley Db
Postfix
Ubuntu