Lucene search

MitreCVE-2010-3357

HistoryOct 20, 2010 - 6:00 p.m.

CVE-2010-3357

2010-10-2018:00:03

mitre

web.nvd.nist.gov

cve-2010-3357

nvd

privilege escalation

shared library

local exploit

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

Percentile

5.1%

JSON

gnome-subtitles 1.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

Affected configurations

Nvd

Node

pedro_castrognome-subtitlesMatch1.0

VendorProductVersionCPE
pedro_castrognome-subtitles1.0cpe:2.3:a:pedro_castro:gnome-subtitles:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pedro_castro	gnome-subtitles	1.0	cpe:2.3:a:pedro_castro:gnome-subtitles:1.0:::::::*

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=598289

git.gnome.org/browse/gnome-subtitles/commit/?id=44370dc2a87f7fa0d6c9730979514bd407a37c65

lists.fedoraproject.org/pipermail/package-announce/2010-October/049184.html

lists.fedoraproject.org/pipermail/package-announce/2010-October/049275.html

lists.fedoraproject.org/pipermail/package-announce/2010-October/049288.html

secunia.com/advisories/41807

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2010-3357