CVE Vulnerabilities

CVE-2010-3998

Published: Nov 06, 2010 | Modified: Sep 15, 2011
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.9 MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: Banshee might also be affected using GST_PLUGIN_PATH.

Affected Software

Name Vendor Start Version End Version
Banshee Banshee-project 0.13.2 0.13.2
Banshee Banshee-project 1.0 1.0
Banshee Banshee-project 1.2 1.2
Banshee Banshee-project 1.2.1 1.2.1
Banshee Banshee-project 1.4 1.4
Banshee Banshee-project 1.4.2 1.4.2
Banshee Banshee-project 1.4.3 1.4.3
Banshee Banshee-project 1.5.0 1.5.0
Banshee Banshee-project 1.5.1 1.5.1
Banshee Banshee-project 1.5.2 1.5.2
Banshee Banshee-project 1.5.3 1.5.3
Banshee Banshee-project 1.5.4 1.5.4
Banshee Banshee-project 1.5.5 1.5.5
Banshee Banshee-project 1.5.6 1.5.6
Banshee Banshee-project 1.6.0 1.6.0
Banshee Banshee-project 1.6.1 1.6.1
Banshee Banshee-project 1.7.0 1.7.0
Banshee Banshee-project 1.7.1 1.7.1
Banshee Banshee-project 1.7.2 1.7.2
Banshee Banshee-project 1.7.3 1.7.3
Banshee Banshee-project 1.7.4 1.7.4
Banshee Banshee-project 1.7.5 1.7.5
Banshee Banshee-project 1.7.6 1.7.6
Banshee Banshee-project * 1.8.0
Banshee Ubuntu dapper *
Banshee Ubuntu hardy *
Banshee Ubuntu karmic *
Banshee Ubuntu lucid *
Banshee Ubuntu maverick *
Banshee Ubuntu natty *
Banshee Ubuntu oneiric *
Banshee Ubuntu quantal *
Banshee Ubuntu raring *
Banshee Ubuntu saucy *
Banshee Ubuntu upstream *

References