Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3381

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2012-3381
Last Modified 17 Aug 2012 10:20:17
Published 16 Aug 2012 08:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3381

Summary

sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

Vulnerable Systems

Application

  • Standards Based Linux Instrumentation Sblim-sfcb


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=838160

CONFIRM - https://bugzilla.novell.com/show_bug.cgi?id=770234

MLIST - [oss-security] 20120706 Re: CVE Request: sblim-sfcb: insecure LD_LIBRARY_PATH usage

MLIST - [oss-security] 20120706 CVE Request: sblim-sfcb: insecure LD_LIBRARY_PATH usage

CONFIRM - http://sourceforge.net/tracker/index.php?func=detail&aid=3541554&group_id=128809&atid=712784

Related Patches

Novell SUSE 2012:6888 sblim-sfcb recommended update for SLE 11 SP2 i586

Novell SUSE 2012:6888 sblim-sfcb recommended update for SLE 11 SP2 x86_64


Last Updated: 27 May 2016 10:53:36