GNU libnss_db Local Information Disclosure Vulnerability

forkb0mb.org

Calendar

Back May '13
Mon Tue Wed Thu Fri Sat Sun
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    

Quicksearch

Categories


All categories

Archives

Blog Administration

Open login screen

GNU libnss_db Local Information Disclosure Vulnerability

Monday, May 17. 2010

GNU libnss_db Local Information Disclosure Vulnerability

/*
According to the "Discussion" tab:
*/

The GNU 'libnss_db' library is prone to a local information-disclosure vulnerability.

Local attackers can exploit this issue to read the first line of arbitrary local files. This may lead to further attacks.

libnss_db 2.2.3 is vulnerable; other versions may also be affected.

/*
I was not able to reproduce this on my machine as I did not already have the libnss-db package installed, and the package for my distro has already been fixed, so it does no good to install it.

The discussion shows this as an example:
sudo apt-get install libnss-db
sudo /etc/init.d/nscd stop (in case nscd is installed)
sudo ln -s /etc/shadow DB_CONFIG
$ sudo
line 1: root:*:14553:0:99999:7:::: incorrect name-value pair


Now if you already have sudo(8) privs to stop/start init.d services and use ln(1), I'm guessing there are probably easier ways of obtaining root. Every attack vector should be corrected, but this just seems a like the shooting fish in a barrel with sudo privs as such.
*/
Posted by TJE in Advisories, Exploits, Local, News, Software, Vulnerabilities at 00:13

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

No comments

The author does not allow comments to this entry