CVE-2010-3351

2010-10-2018:00:03

Debian Security Bug Tracker

security-tracker.debian.org

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.1%

JSON

startBristol in Bristol 0.60.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

OSVersionArchitecturePackageVersionFilename
Debian12allbristol< 0.60.5-2bristol_0.60.5-2_all.deb
Debian11allbristol< 0.60.5-2bristol_0.60.5-2_all.deb
Debian10allbristol< 0.60.5-2bristol_0.60.5-2_all.deb
Debian999allbristol< 0.60.5-2bristol_0.60.5-2_all.deb
Debian13allbristol< 0.60.5-2bristol_0.60.5-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	bristol	< 0.60.5-2	bristol_0.60.5-2_all.deb
Debian	11	all	bristol	< 0.60.5-2	bristol_0.60.5-2_all.deb
Debian	10	all	bristol	< 0.60.5-2	bristol_0.60.5-2_all.deb
Debian	999	all	bristol	< 0.60.5-2	bristol_0.60.5-2_all.deb
Debian	13	all	bristol	< 0.60.5-2	bristol_0.60.5-2_all.deb