If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://security-tracker.debian.org/tracker/CVE-2010-3359 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-11-12T18:49:09
Updated: 2024-08-07T03:03:18.995Z
Reserved: 2010-09-15T00:00:00
Link: CVE-2010-3359
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-11-12T19:15:10.897
Modified: 2020-08-18T15:05:57.580
Link: CVE-2010-3359
Redhat
No data.