1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
Candidate: CVE-2010-3369
PublicDate: 2010-10-20
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3369
Description:
The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3, and
other versions before 2.8.1, place a zero-length directory name in the
LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan
horse shared library in the current working directory.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
Patches_mono-debugger:
upstream_mono-debugger: needs-triage
dapper_mono-debugger: DNE
hardy_mono-debugger: ignored (reached end-of-life)
jaunty_mono-debugger: ignored (reached end-of-life)
karmic_mono-debugger: ignored (reached end-of-life)
lucid_mono-debugger: ignored (reached end-of-life)
maverick_mono-debugger: ignored (reached end-of-life)
natty_mono-debugger: not-affected (2.6.3-2.1)
oneiric_mono-debugger: DNE
precise_mono-debugger: DNE
quantal_mono-debugger: DNE
raring_mono-debugger: DNE
saucy_mono-debugger: DNE
devel_mono-debugger: DNE
|