Lucene search

K
cveRedhatCVE-2010-3689
HistoryJan 28, 2011 - 10:00 p.m.

CVE-2010-3689

2011-01-2822:00:05
CWE-22
redhat
web.nvd.nist.gov
69
openoffice.org
cve-2010-3689
privilege escalation
vulnerability
ld_library_path

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

High

EPSS

0

Percentile

12.7%

soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

Affected configurations

Nvd
Node
apacheopenofficeRange3.0.03.3.0
Node
canonicalubuntu_linuxMatch8.04-
OR
canonicalubuntu_linuxMatch9.10
OR
canonicalubuntu_linuxMatch10.04-
OR
canonicalubuntu_linuxMatch10.10
OR
debiandebian_linuxMatch5.0
OR
debiandebian_linuxMatch6.0
VendorProductVersionCPE
apacheopenoffice*cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*
canonicalubuntu_linux8.04cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
canonicalubuntu_linux9.10cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
canonicalubuntu_linux10.04cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
canonicalubuntu_linux10.10cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
debiandebian_linux5.0cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
debiandebian_linux6.0cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

High

EPSS

0

Percentile

12.7%