Launchpad CVE tracker

CVE 2010-3387

** DISPUTED ** vdrleaktest in Video Disk Recorder (VDR) 1.6.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: a third party disputes this issue because the script erroneously uses a semicolon in a context where a colon was intended.

Related bugs and status

CVE-2010-3387 (Candidate) is related to these bugs:

Bug #669105: Sync vdr 1.6.0-19.1 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	669105	Sync vdr 1.6.0-19.1 (universe) from Debian unstable (main)		vdr (Ubuntu)	Wishlist	Fix Released

Bug #930700: vdrleaktest in Video Disk Recorder (VDR) 1.6.0 places a zero-length directory name in the LD_LIBRARY_PATH

Summary				In	Importance	Status
	930700	vdrleaktest in Video Disk Recorder (VDR) 1.6.0 places a zero-length directory name in the LD_LIBRARY_PATH		vdr (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://bugs.debian.org...

Launchpad.net

CVE 2010-3387

Related bugs and status

Related bugs

References