6.9

CVE-2010-3999

gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnucashGnucash Version <= 2.3.15
GnucashGnucash Version1.8.3
GnucashGnucash Version1.8.4
GnucashGnucash Version1.8.5
GnucashGnucash Version2.0.0
GnucashGnucash Version2.0.1
GnucashGnucash Version2.2.0
GnucashGnucash Version2.2.1
GnucashGnucash Version2.2.2
GnucashGnucash Version2.2.3
GnucashGnucash Version2.2.4
GnucashGnucash Version2.2.5
GnucashGnucash Version2.2.6
GnucashGnucash Version2.2.7
GnucashGnucash Version2.2.8
GnucashGnucash Version2.2.9
GnucashGnucash Version2.3.0
GnucashGnucash Version2.3.1
GnucashGnucash Version2.3.2
GnucashGnucash Version2.3.3
GnucashGnucash Version2.3.4
GnucashGnucash Version2.3.5
GnucashGnucash Version2.3.6
GnucashGnucash Version2.3.7
GnucashGnucash Version2.3.8
GnucashGnucash Version2.3.9
GnucashGnucash Version2.3.10
GnucashGnucash Version2.3.11
GnucashGnucash Version2.3.12
GnucashGnucash Version2.3.13
GnucashGnucash Version2.3.14
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.34% 0.255
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050269.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050164.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050177.html
http://secunia.com/advisories/42048
http://secunia.com/advisories/42054
http://www.mandriva.com/security/advisories?name=MDVSA-2010:241
http://www.securityfocus.com/bid/44563
http://www.vupen.com/english/advisories/2010/2848
http://www.vupen.com/english/advisories/2010/2898
http://www.vupen.com/english/advisories/2010/3060
https://bugzilla.redhat.com/show_bug.cgi?id=644933