Incorrect default permissions in Oracle Berkeley DB

#VU54338 Incorrect default permissions in Oracle Berkeley DB

Published: 2021-06-23

Vulnerability identifier: #VU54338

Vulnerability risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2708

CWE-ID: CWE-276

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Oracle Berkeley DB
Universal components / Libraries / Libraries used by multiple products

Vendor: Oracle

Description

The vulnerability allows a local user to crash the service.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can cause a denial of service attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Oracle Berkeley DB: 6.1.19 - 18.1.25

External links
http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQFKX6NKU2DCW5CTCHQSOJJDFVRVTPO6/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell Data Protection Central

Multiple vulnerabilities in Dell EMC SRM and Dell EMC Storage Monitoring and Reporting (SMR)

Multiple vulnerabilities in Dell NetWorker vProxy

SUSE update for libdb-4_8

Multiple vulnerabilities in IBM Cloud Pak for Security

Multiple vulnerabilities in Red Hat Web Terminal

Multiple vulnerabilities in OpenShift Serverless

Multiple vulnerabilities in Red Hat OpenShift Jaeger

Multiple vulnerabilities in Windows Container Support for Red Hat OpenShift