Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-3365

Mistelix 0.31 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

Related bugs and status

CVE-2010-3365 (Candidate) is related to these bugs:

Bug #651054: CVE-2010-3365: insecure library loading

		In	Importance	Status
651054	CVE-2010-3365: insecure library loading	mistelix (Ubuntu)	Undecided	Fix Released
651054	CVE-2010-3365: insecure library loading	mistelix (Ubuntu Karmic)	Undecided	Fix Released
651054	CVE-2010-3365: insecure library loading	mistelix (Ubuntu Lucid)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://bugs.debian.org...