
Bug 372709 (CVE-2010-3351)

Summary: <media-sound/bristol-0.60.9: LD_LIBRARY_PATH trojan horse inclusion possible (CVE-2010-3351)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: proaudio
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598285
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2011-06-23 20:08:30 UTC
CVE-2010-3351 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3351):
  startBristol in Bristol 0.60.5 places a zero-length directory name in the
  LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan
  horse shared library in the current working directory.
Comment 1 Tim Harder gentoo-dev 2011-10-27 05:17:17 UTC
This should be fixed in 0.60.9 now in CVS.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-10-27 20:57:45 UTC
(In reply to comment #1)
> This should be fixed in 0.60.9 now in CVS.

Thank you. Closing noglsa for ~arch only package.
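
The zero-length LD_LIBRARY_PATH entry described in the CVE text above, as an added example that is not part of the bug report or Bristol's code: a check that a wrapper script or packaging QA test can run on a colon-separated search path, next to a prepend that cannot create such an entry. All function names are hypothetical, and `unsafe_prepend` shows one common way the entry arises (an assumption; startBristol's actual line is not quoted on this page).

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample paths are constructed.

# has_empty_entry LIST
# Succeeds if the colon-separated LIST contains a zero-length entry
# (leading colon, trailing colon, or "::"). The dynamic loader reads such
# an entry as the current working directory.
has_empty_entry() {
    case "$1" in
        "")         return 1 ;;   # empty variable: no search entries at all
        :*|*:|*::*) return 0 ;;
        *)          return 1 ;;
    esac
}

# unsafe_prepend DIR CURRENT
# Plain concatenation: when CURRENT is empty or unset the result ends in
# a colon, which is a zero-length entry.
unsafe_prepend() {
    printf '%s\n' "$1:$2"
}

# safe_prepend DIR CURRENT
# ${2:+:$2} emits the separator only when CURRENT is non-empty.
safe_prepend() {
    printf '%s\n' "$1${2:+:$2}"
}

# strip_empty_entries LIST
# Rebuilds LIST without zero-length entries. The body runs in a subshell
# so the IFS and globbing changes do not leak into the caller.
strip_empty_entries() (
    IFS=:
    set -f
    out=
    for dir in $1; do
        if [ -n "$dir" ]; then
            out="${out:+$out:}$dir"
        fi
    done
    printf '%s\n' "$out"
)

# Wrapper-style usage: sanitise what was inherited, then prepend safely.
# /opt/app/lib is a constructed path.
LD_LIBRARY_PATH=$(safe_prepend /opt/app/lib \
    "$(strip_empty_entries "${LD_LIBRARY_PATH-}")")
export LD_LIBRARY_PATH
```
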