Vulnerability Description
sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
CVSS Score
4.4
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Standards Based Linux Instrumentation | Sblim-Sfcb | All versions |
References
- http://sourceforge.net/tracker/index.php?func=detail&aid=3541554&group_id=128809
- http://www.openwall.com/lists/oss-security/2012/07/06/7
- http://www.openwall.com/lists/oss-security/2012/07/06/8
- https://bugzilla.novell.com/show_bug.cgi?id=770234
- https://bugzilla.redhat.com/show_bug.cgi?id=838160
- http://sourceforge.net/tracker/index.php?func=detail&aid=3541554&group_id=128809
- http://www.openwall.com/lists/oss-security/2012/07/06/7
- http://www.openwall.com/lists/oss-security/2012/07/06/8
- https://bugzilla.novell.com/show_bug.cgi?id=770234
- https://bugzilla.redhat.com/show_bug.cgi?id=838160
FAQ
What is CVE-2012-3381?
CVE-2012-3381 is a vulnerability with a CVSS score of 4.4 (MEDIUM). sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
How severe is CVE-2012-3381?
CVE-2012-3381 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3381?
Check the references section above for vendor advisories and patch information. Affected products include: Standards Based Linux Instrumentation Sblim-Sfcb.