CVE Vulnerabilities

CVE-2010-3361

Published: Oct 20, 2010 | Modified: Oct 22, 2010
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.9 MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The (1) iked, (2) ikea, and (3) ikec scripts in Shrew Soft IKE 2.1.5 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

Affected Software

Name Vendor Start Version End Version
Vpn_client Shrew 2.1.5 2.1.5
Ike Ubuntu hardy *
Ike Ubuntu jaunty *
Ike Ubuntu karmic *
Ike Ubuntu lucid *
Ike Ubuntu maverick *
Ike Ubuntu upstream *

References