CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
5.1%
gnome-subtitles 1.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Vendor | Product | Version | CPE |
---|---|---|---|
pedro_castro | gnome-subtitles | 1.0 | cpe:2.3:a:pedro_castro:gnome-subtitles:1.0:*:*:*:*:*:*:* |
bugs.debian.org/cgi-bin/bugreport.cgi?bug=598289
git.gnome.org/browse/gnome-subtitles/commit/?id=44370dc2a87f7fa0d6c9730979514bd407a37c65
lists.fedoraproject.org/pipermail/package-announce/2010-October/049184.html
lists.fedoraproject.org/pipermail/package-announce/2010-October/049275.html
lists.fedoraproject.org/pipermail/package-announce/2010-October/049288.html
secunia.com/advisories/41807