cve/2017/CVE-2017-10140.md

### [CVE-2017-10140](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.

### POC

#### Reference
- https://www.oracle.com/security-alerts/cpujul2020.html

#### Github
- https://github.com/yfoelling/yair
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2017-10140](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10140)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.`

			`### POC`

			`#### Reference`
			`- https://www.oracle.com/security-alerts/cpujul2020.html`

			`#### Github`
			`- https://github.com/yfoelling/yair`