CVE-2017-10140

{"id": "CVE-2017-10140", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2018-04-16T17:29:00.220", "references": [{"url": "http://seclists.org/oss-sec/2017/q3/285", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.postfix.org/announcements/postfix-3.2.2.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:0366", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory."}, {"lang": "es", "value": "Postfix, en versiones anteriores a la 2.11.10, versiones 3.0.x anteriores a la 3.0.10, versiones 3.1.x anteriores a la 3.1.6 y versiones 3.2.x anteriores a la 3.2.2, podr\u00eda permitir que usuarios locales obtengan privilegios aprovechando una funcionalidad no documentada en Berkeley DB, en versiones 2.x y posteriores. Esto est\u00e1 relacionado con la lectura de opciones de DB_CONFIG en el directorio actual."}], "lastModified": "2020-07-15T18:15:12.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4E46DED-C952-4EC2-8418-B94092708565", "versionEndExcluding": "2.11.10"}, {"criteria": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5514620D-4D5B-4090-9462-13C7F6EC6FC1", "versionEndExcluding": "3.0.10", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBE1FAC6-6422-43D8-8981-08359639366B", "versionEndExcluding": "3.1.6", "versionStartIncluding": "3.1.0"}, {"criteria": "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B5C3C4E-E289-4F5E-A211-A9EE33EDE36E", "versionEndExcluding": "3.2.2", "versionStartIncluding": "3.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}