6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%
DISPUTED vdrleaktest in Video Disk Recorder (VDR) 1.6.0 places a
zero-length directory name in the LD_LIBRARY_PATH, which allows local users
to gain privileges via a Trojan horse shared library in the current working
directory. NOTE: a third party disputes this issue because the script
erroneously uses a semicolon in a context where a colon was intended.