CVE-2010-3393

NameCVE-2010-3393
Descriptionmagics-config in Magics++ 2.10.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs598418

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
magics++ (PTS)buster3.3.1-1fixed
bullseye4.5.3-1fixed
bookworm4.13.0-1fixed
trixie4.15.2-1fixed
sid4.15.4-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
magics++source(unstable)2.10.0.dfsg-5.1598418
Search for package or bug name: Reporting problems