If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account.
References
Link | Resource |
---|---|
https://security-tracker.debian.org/tracker/CVE-2010-3359 | Third Party Advisory |
Information
Published : 2019-11-12 11:15
Updated : 2020-08-18 08:05
NVD link : CVE-2010-3359
Mitre link : CVE-2010-3359
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
debian
- debian_linux
gargoyle_project
- gargoyle