Lucene search

[email protected]CVE-2010-3353

HistoryOct 20, 2010 - 6:00 p.m.

CVE-2010-3353

2010-10-2018:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cowbell

0.2.7.1

cve-2010-3353

security vulnerability

privilege escalation

nvd

6.6 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Cowbell 0.2.7.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CPENameOperatorVersion
more-cowbell:cowbellmore-cowbell cowbelleq0.2.7.1

CPE	Name	Operator	Version
more-cowbell:cowbell	more-cowbell cowbell	eq	0.2.7.1

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=598286

6.6 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2010-3353

ubuntucve1 debiancve1 prion1