[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-3998Date: (C)2010-11-05   (M)2023-12-22


The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: Banshee might also be affected using GST_PLUGIN_PATH.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.9
Exploit Score: 3.4
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECUNIA-42234
SECUNIA-42237
BID-44752
ADV-2010-2964
FEDORA-2010-16907
FEDORA-2010-16916
FEDORA-2010-17021
MDVSA-2011:034
http://download.banshee.fm/banshee/unstable/1.9.0/banshee-1-1.9.0.news
https://bugzilla.redhat.com/show_bug.cgi?id=644554

OVAL    4
oval:org.secpod.oval:def:300412
oval:org.secpod.oval:def:100426
oval:org.secpod.oval:def:100621
oval:org.secpod.oval:def:100004
...

© SecPod Technologies