CVE-2010-3998

{"id": "CVE-2010-3998", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": true, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-11-06T00:00:02.593", "references": [{"url": "http://download.banshee.fm/banshee/unstable/1.9.0/banshee-1-1.9.0.news", "source": "cve@mitre.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050744.html", "source": "cve@mitre.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050747.html", "source": "cve@mitre.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050756.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/42234", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/42237", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:034", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/44752", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2010/2964", "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=644554", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: Banshee might also be affected using GST_PLUGIN_PATH."}, {"lang": "es", "value": "Los scripts (1) banshee-1 y (2) muinshee en Banshee v1.8.0 y anteriores colocan un nombre de directorio de longitud cero en la variable de entorno LD_LIBRARY_PATH, lo que permite a usuarios locales conseguir privilegios a trav\u00e9s de un caballo de Troya en una biblioteca compartida en el directorio de trabajo actual."}], "lastModified": "2011-09-15T03:17:55.720", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:banshee-project:banshee:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F85DADF-4363-4721-AC62-4BB566963045", "versionEndIncluding": "1.8.0"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:0.13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42352A6D-B46B-4E36-BC92-7067C5CCAEA6"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5387279C-1AF4-415A-947B-BEA4DA7A9F29"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "968C6F57-489B-40FC-8D47-ED6A8C950ABA"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B4D8738-E58E-48C6-9358-3031049F8A16"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97AD83BD-4331-49F1-91C6-1A21DA44E52F"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A13354B-324C-448B-A1DF-9DDB60D914CE"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F49E2077-EBB0-4A12-B7CF-932C351659F7"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "641A14CA-AF01-4AC7-8450-044857360300"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25629216-A9C0-42E8-B0E5-AE2B98EC90EE"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B244CB19-F2C3-40BC-87EE-02F7FEC1726F"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B2CFBB2-2A1F-4B88-AC6A-377AB14922DA"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E7DD34F-A55D-4F1A-A693-CE6E634FC38C"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28C2B2C1-62A3-4A72-8DC4-89CD931DDFEC"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD254768-43A5-4BF0-8D1F-8306D3F46A3C"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC41E5E8-6A1F-4BA6-AF21-503CEFF654BE"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5AB7B78-13D4-411E-9BD9-43ADB4CE3CE9"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C172A76-6E2E-4C1F-BBE4-73E94F5C9601"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F27A1501-EE76-4C5F-AB92-5B9FFC937B6F"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21D3FC55-E176-4344-909A-E7DD452A4F50"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01349CF5-0F58-4C3E-990F-ECEC08A39A00"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B6AD7F2-4EE5-4C5C-866D-01D4706F83E3"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9653EA90-62AD-4941-8111-E8FC873F1139"}, {"criteria": "cpe:2.3:a:banshee-project:banshee:1.7.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C25EAD1D-ACD8-40C2-B89D-508B162222F5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}