Vulnerability Details CVE-2010-3998
The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: Banshee might also be affected using GST_PLUGIN_PATH.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.7%
CVSS Severity
CVSS v2 Score 6.9
References
- http://download.banshee.fm/banshee/unstable/1.9.0/banshee-1-1.9.0.news
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050744.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050747.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050756.html
- http://secunia.com/advisories/42234
- http://secunia.com/advisories/42237
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:034
- http://www.securityfocus.com/bid/44752
- http://www.vupen.com/english/advisories/2010/2964
- https://bugzilla.redhat.com/show_bug.cgi?id=644554
- http://download.banshee.fm/banshee/unstable/1.9.0/banshee-1-1.9.0.news
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050744.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050747.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050756.html
- http://secunia.com/advisories/42234
- http://secunia.com/advisories/42237
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:034
- http://www.securityfocus.com/bid/44752
- http://www.vupen.com/english/advisories/2010/2964
- https://bugzilla.redhat.com/show_bug.cgi?id=644554
Products affected by CVE-2010-3998
-
cpe:2.3:a:banshee-project:banshee:*
-
cpe:2.3:a:banshee-project:banshee:0.13.2
-
cpe:2.3:a:banshee-project:banshee:1.0
-
cpe:2.3:a:banshee-project:banshee:1.2
-
cpe:2.3:a:banshee-project:banshee:1.2.1
-
cpe:2.3:a:banshee-project:banshee:1.4
-
cpe:2.3:a:banshee-project:banshee:1.4.2
-
cpe:2.3:a:banshee-project:banshee:1.4.3
-
cpe:2.3:a:banshee-project:banshee:1.5.0
-
cpe:2.3:a:banshee-project:banshee:1.5.1
-
cpe:2.3:a:banshee-project:banshee:1.5.2
-
cpe:2.3:a:banshee-project:banshee:1.5.3
-
cpe:2.3:a:banshee-project:banshee:1.5.4
-
cpe:2.3:a:banshee-project:banshee:1.5.5
-
cpe:2.3:a:banshee-project:banshee:1.5.6
-
cpe:2.3:a:banshee-project:banshee:1.6.0
-
cpe:2.3:a:banshee-project:banshee:1.6.1
-
cpe:2.3:a:banshee-project:banshee:1.7.0
-
cpe:2.3:a:banshee-project:banshee:1.7.1
-
cpe:2.3:a:banshee-project:banshee:1.7.2
-
cpe:2.3:a:banshee-project:banshee:1.7.3
-
cpe:2.3:a:banshee-project:banshee:1.7.4
-
cpe:2.3:a:banshee-project:banshee:1.7.5
-
cpe:2.3:a:banshee-project:banshee:1.7.6