CVE Vulnerabilities

CVE-2017-10140

Published: Apr 16, 2018 | Modified: Jul 15, 2020
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.

Affected Software

Name Vendor Start Version End Version
Postfix Postfix * *
Postfix Postfix 3.0.0 *
Postfix Postfix 3.1.0 *
Postfix Postfix 3.2.0 *

References