386221 – media-sound/cowbell: file inclusion vulnerability (CVE-2010-3353)

Bug 386221 - media-sound/cowbell: file inclusion vulnerability (CVE-2010-3353)

Summary: media-sound/cowbell: file inclusion vulnerability (CVE-2010-3353)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	~2 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2011-10-08 01:17 UTC by GLSAMaker/CVETool Bot
Modified:	2014-10-06 16:34 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2011-10-08 01:17:36 UTC

CVE-2010-3353 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3353):
  Cowbell 0.2.7.1 places a zero-length directory name in the LD_LIBRARY_PATH,
  which allows local users to gain privileges via a Trojan horse shared
  library in the current working directory.

Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev

2014-08-26 19:01:46 UTC

# Kristian Fiskerstrand <k_f@gentoo.org> (26 Aug 2014)
# Open security bug #386221 (CVE-2010-3353)
# Does not seem actively maintained
# Masked for removal in 30 days
media-sound/cowbell

Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev

2014-10-06 16:32:15 UTC

Package removed from tree