CVE-2010-3359

Name: CVE-2010-3359
Description: If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium

Vulnerable and fixed packages

The table below lists information on source packages.

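| Source Package | Release | Version | Status |
|---|---|---|---|
| gargoyle-free (PTS) | jessie | 2011.1a-2 | fixed |
| gargoyle-free (PTS) | buster, stretch | 2011.1b-1 | fixed |
| gargoyle-free (PTS) | bullseye, sid | 2019.1.1-2 | fixed |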

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gargoyle-free | source | (unstable) | 2009-08-25-2 | | | |

Notes

http://groups.google.com/group/garglk-dev/browse_thread/thread/1c92ab6f24d5ebe6
