PT-2018-19212 · Oracle · Libdb-4 5+1
Published
2018-02-09
·
Updated
2018-02-09
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
libdb-4 5 (affected versions not specified)
Description
The issue allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application using libdb-4 8. This occurs when a DB CONFIG file is present in the current working directory.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Libdb-4 5
Libdb-4 8