Lucene search

[email protected]CVE-2010-3384

HistoryOct 03, 2022 - 4:20 p.m.

CVE-2010-3384

2022-10-0316:20:54

[email protected]

web.nvd.nist.gov

nvd

cve-2010-3384

torcs

privilege escalation

security flaw

scripts

ld_library_path

local users

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and (6) nfs2ac scripts in TORCS 1.3.1 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

Affected configurations

NVD

Node

bernhard_wymanntorcsMatch1.3.1

CPENameOperatorVersion
bernhard_wymann:torcsbernhard wymann torcseq1.3.1

CPE	Name	Operator	Version
bernhard_wymann:torcs	bernhard wymann torcs	eq	1.3.1

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=598306

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2010-3384

openvas2 prion1 ubuntucve1 nvd1 nessus1 debiancve1 freebsd1 cvelist1