CVE-2010-3359

Name: CVE-2010-3359
Description: If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

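| Source Package | Release | Version | Status |
|---|---|---|---|
| gargoyle-free (PTS) | buster | 2011.1b-1 | fixed |
| gargoyle-free | bullseye | 2019.1.1-2 | fixed |
| gargoyle-free | bookworm | 2022.1+dfsg-1 | fixed |
| gargoyle-free | sid, trixie | 2023.1+dfsg-4 | fixed |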

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gargoyle-free | source | (unstable) | 2009-08-25-2 | | | |

Notes

http://groups.google.com/group/garglk-dev/browse_thread/thread/1c92ab6f24d5ebe6
