Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.9
CVE Id: CVE-2010-3389
Last Modified: 01 Feb 2012 10:58:05
Published: 20 Oct 2010 02:00:04
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2010-3389

Summary

The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

Vulnerable Systems

Application

  • Linux-HA OCF Resource Agents 1.0.3


References

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598549

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=639044

VUPEN - ADV-2011-0416

REDHAT - RHSA-2011:1000

REDHAT - RHSA-2011:0264

SECUNIA - 43372

REDHAT - RHSA-2011:1580

GENTOO - GLSA-201110-18


Last Updated: 27 May 2016 10:57:20