CVE-2017-10140 log

Source
Severity Medium
Remote No
Type Information disclosure
Description
It was found that Berkeley DB reads the DB_CONFIG configuration file from the current working directory by default. This happens when calling db_create() with dbenv=NULL; or using the dbm_open() function. This behavior leads to a security vulnerability because in the case of setuid or setgid commands, excerpts of the file are revealed to the calling user (and maybe more harm could be done with specially crafted DB_CONFIG files).
Group Package Affected Fixed Severity Status Ticket
AVG-518 exim 4.89-1 4.89.1-1 Critical Fixed FS#56478
Date Advisory Group Package Severity Description
30 Nov 2017 ASA-201711-32 AVG-518 exim Critical multiple issues
References
http://seclists.org/oss-sec/2017/q2/452
http://www.postfix.org/announcements/postfix-3.2.2.html
https://git.exim.org/exim.git/commitdiff/98bf975ca462bebeaa1325d72381847c5118ff14