CVE-2010-3359

EUVD-2010-3357
If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.8 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
Affected Products (NVD)
VendorProductVersion
gargoyle_projectgargoyle
𝑥
< 2009-08-25
debiandebian_linux
8.0
debiandebian_linux
9.0
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gargoyle-free
bookworm
2022.1+dfsg-1
fixed
bullseye
2019.1.1-2
fixed
sid
2023.1+dfsg-4
fixed
trixie
2023.1+dfsg-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gargoyle-free
hardy
dne
lucid
ignored
maverick
not-affected
natty
not-affected
oneiric
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
Common Weakness Enumeration
References
https://security-tracker.debian.org/tracker/CVE-2010-3359
https://security-tracker.debian.org/tracker/CVE-2010-3359