Oracle Berkeley DB CVE-2017-3610 Local Security Vulnerability

Oracle Berkeley DB is prone to a local security vulnerability in Data Store.

An attacker does not require privileges to exploit this vulnerability.

This vulnerability affects the following supported versions:
Prior to 6.2.32

Information

Bugtraq ID: 97858
Class: Unknown
CVE: CVE-2017-3610

Remote: No
Local: Yes
Published: Apr 18 2017 12:00AM
Updated: Apr 20 2017 01:04AM
Credit: Hanno Bock and Lionel Debroux
Vulnerable: Oracle Berkeley DB 6.2.23
Oracle Berkeley DB 6.1.29
Oracle Berkeley DB 6.0.35
Oracle Berkeley DB 5.3.28
Oracle Berkeley DB 5.2.42
Oracle Berkeley DB 5.1.29
Oracle Berkeley DB 5.0.32
Oracle Berkeley DB 4.8.30
Oracle Berkeley DB 4.7.25
Oracle Berkeley DB 4.6.21
Oracle Berkeley DB 4.5.20
Oracle Berkeley DB 4.4.20
Oracle Berkeley DB 4.3.29
Oracle Berkeley DB 4.2.52
Oracle Berkeley DB 4.1.25
Oracle Berkeley DB 4.0.14
Oracle Berkeley DB 3.3.11
Oracle Berkeley DB 3.2.9
Oracle Berkeley DB 3.1.17
Oracle Berkeley DB 3.1.14
Oracle Berkeley DB 3.0.55
Oracle Berkeley DB 6.2

Not Vulnerable:

Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References:

• Oracle Homepage (Oracle)
  
• Oracle Critical Patch Update Advisory - April 2017 (Oracle)
  

Source: www.securityfocus.com