7.8

CVE-2017-10140

Exploit
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PostfixPostfix Version < 2.11.10
PostfixPostfix Version >= 3.0.0 < 3.0.10
PostfixPostfix Version >= 3.1.0 < 3.1.6
PostfixPostfix Version >= 3.2.0 < 3.2.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.57% 0.425
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://www.oracle.com/security-alerts/cpujul2020.html
https://access.redhat.com/errata/RHSA-2019:0366
Third Party Advisory
http://seclists.org/oss-sec/2017/q3/285
Third Party Advisory
Exploit
Mailing List
http://www.postfix.org/announcements/postfix-3.2.2.html
Vendor Advisory