CVE-2010-3369

2010-10-2018:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

(cve-2010-3369

mdb

mdb-symbolreader

mono-debugger

privilege escalation

local exploit)

6.5 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3, and other versions before 2.8.1, place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CPENameOperatorVersion
debian:mono-debuggerdebian mono-debuggereq2.6
debian:mono-debuggerdebian mono-debuggereq2.6.7
debian:mono-debuggerdebian mono-debuggereq2.6.4
debian:mono-debuggerdebian mono-debuggereq2.8
debian:mono-debuggerdebian mono-debuggereq2.6.1
debian:mono-debuggerdebian mono-debuggereq2.6.3
debian:mono-debuggerdebian mono-debuggereq2.4.3

CPE	Name	Operator	Version
debian:mono-debugger	debian mono-debugger	eq	2.6
debian:mono-debugger	debian mono-debugger	eq	2.6.7
debian:mono-debugger	debian mono-debugger	eq	2.6.4
debian:mono-debugger	debian mono-debugger	eq	2.8
debian:mono-debugger	debian mono-debugger	eq	2.6.1
debian:mono-debugger	debian mono-debugger	eq	2.6.3
debian:mono-debugger	debian mono-debugger	eq	2.4.3