Lucene search

[email protected]CVE-2010-4001

HistoryNov 06, 2010 - 12:00 a.m.

CVE-2010-4001

2010-11-0600:00:02

CWE-264

[email protected]

web.nvd.nist.gov

cve-2010-4001

gromacs

gmxrc.bash

ld_library_path

privilege escalation

shared library

security vulnerability

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

GMXRC.bash in Gromacs 4.5.1 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: CVE disputes this issue because the GMXLDLIB value is always added to the beginning of LD_LIBRARY_PATH at a later point in the script

Affected configurations

NVD

Node

gromacsgromacsRange≤4.5.1

AND

fedoraprojectfedora

CPENameOperatorVersion
gromacs:gromacsgromacsle4.5.1

CPE	Name	Operator	Version
gromacs:gromacs	gromacs	le	4.5.1

References

lists.fedoraproject.org/pipermail/package-announce/2010-November/050763.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/050783.html

www.vupen.com/english/advisories/2010/2971

bugzilla.redhat.com/show_bug.cgi?id=644596

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2010-4001

cvelist1 nessus2 openvas4 prion1 fedora2 ubuntucve1 nvd1