CVE-2017-10140 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Information disclosure
Description	It was found that Berkeley DB reads the DB_CONFIG configuration file from the current working directory by default. This happens when calling db_create() with dbenv=NULL; or using the dbm_open() function. This behavior leads to a security vulnerability because in the case of setuid or setgid commands, excerpts of the file are revealed to the calling user (and maybe more harm could be done with specially crafted DB_CONFIG files).

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-518	exim	4.89-1	4.89.1-1	Critical	Fixed	FS#56478

Date	Advisory	Group	Package	Severity	Type
30 Nov 2017	ASA-201711-32	AVG-518	exim	Critical	multiple issues

References
http://seclists.org/oss-sec/2017/q2/452 http://www.postfix.org/announcements/postfix-3.2.2.html https://git.exim.org/exim.git/commitdiff/98bf975ca462bebeaa1325d72381847c5118ff14