{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2012-08-17T00:00:00Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=838160"}, {"name": "[oss-security] 20120706 Re: CVE Request: sblim-sfcb: insecure LD_LIBRARY_PATH usage", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/07/06/8"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=3541554&group_id=128809&atid=712784"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=770234"}, {"name": "[oss-security] 20120706 CVE Request: sblim-sfcb: insecure LD_LIBRARY_PATH usage", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/07/06/7"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:05:12.175Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=838160"}, {"name": "[oss-security] 20120706 Re: CVE Request: sblim-sfcb: insecure LD_LIBRARY_PATH usage", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/07/06/8"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=3541554&group_id=128809&atid=712784"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=770234"}, {"name": "[oss-security] 20120706 CVE Request: sblim-sfcb: insecure LD_LIBRARY_PATH usage", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/07/06/7"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3381", "state": "PUBLISHED", "dateReserved": "2012-06-14T00:00:00Z", "datePublished": "2012-08-17T00:00:00Z", "dateUpdated": "2024-08-06T20:05:12.175Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:standards_based_linux_instrumentation:sblim-sfcb:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DF68CD1-BA3F-4BB2-823F-94C447CA9620", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."}, {"lang": "es", "value": "sfcb en SBLIM-sfcb pone un nombre de directorio de longitud cero en la variable LD_LIBRARY_PATH, lo que permite a usuarios locales conseguir privilegios a trav\u00e9s de un troyano en una librer\u00eda compartida en el directorio de trabajo actual.\r\n"}], "id": "CVE-2012-3381", "lastModified": "2024-11-21T01:40:44.987", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-17T00:55:03.813", "references": [{"source": "secalert@redhat.com", "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=3541554&group_id=128809&atid=712784"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/07/06/7"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/07/06/8"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.novell.com/show_bug.cgi?id=770234"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=838160"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=3541554&group_id=128809&atid=712784"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/07/06/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/07/06/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.novell.com/show_bug.cgi?id=770234"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=838160"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "sblim-sfcb: insecure LD_LIBRARY_PATH usage", "id": "838160", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=838160"}, "csaw": false, "cvss": {"cvss_base_score": "3.0", "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:P/I:P/A:N", "status": "draft"}, "details": ["sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory."], "name": "CVE-2012-3381", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "sblim-sfcb", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2012-07-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-3381\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-3381"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}