CVSS2 vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS percentile: 5.1%

sfcb in sblim-sfcb places a zero-length directory name in the
LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan
horse shared library in the current working directory.
Author | Note |
---|---|
sbeattie | debian/ubuntu not affected because upstream init scripts are not used; debian init script does not contain LD_LIBRARY_PATH usage |
www.openwall.com/lists/oss-security/2012/07/06/7
www.openwall.com/lists/oss-security/2012/07/06/8
bugzilla.novell.com/show_bug.cgi?id=770234
bugzilla.redhat.com/show_bug.cgi?id=838160
launchpad.net/bugs/cve/CVE-2012-3381
nvd.nist.gov/vuln/detail/CVE-2012-3381
security-tracker.debian.org/tracker/CVE-2012-3381
www.cve.org/CVERecord?id=CVE-2012-3381