CVE-2010-3998

EUVD-2010-3974
The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.  NOTE: Banshee might also be affected using GST_PLUGIN_PATH.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
banshee-projectbanshee
𝑥
≤ 1.8.0
banshee-projectbanshee
0.13.2
banshee-projectbanshee
1.0
banshee-projectbanshee
1.2
banshee-projectbanshee
1.2.1
banshee-projectbanshee
1.4
banshee-projectbanshee
1.4.2
banshee-projectbanshee
1.4.3
banshee-projectbanshee
1.5.0
banshee-projectbanshee
1.5.1
banshee-projectbanshee
1.5.2
banshee-projectbanshee
1.5.3
banshee-projectbanshee
1.5.4
banshee-projectbanshee
1.5.5
banshee-projectbanshee
1.5.6
banshee-projectbanshee
1.6.0
banshee-projectbanshee
1.6.1
banshee-projectbanshee
1.7.0
banshee-projectbanshee
1.7.1
banshee-projectbanshee
1.7.2
banshee-projectbanshee
1.7.3
banshee-projectbanshee
1.7.4
banshee-projectbanshee
1.7.5
banshee-projectbanshee
1.7.6
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
banshee
dapper
ignored
hardy
ignored
karmic
ignored
lucid
ignored
maverick
ignored
natty
ignored
oneiric
ignored
precise
not-affected
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
References
http://download.banshee.fm/banshee/unstable/1.9.0/banshee-1-1.9.0.news
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050744.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050747.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050756.html
http://secunia.com/advisories/42234
http://secunia.com/advisories/42237
http://www.mandriva.com/security/advisories?name=MDVSA-2011:034
http://www.securityfocus.com/bid/44752
http://www.vupen.com/english/advisories/2010/2964
https://bugzilla.redhat.com/show_bug.cgi?id=644554
http://download.banshee.fm/banshee/unstable/1.9.0/banshee-1-1.9.0.news
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050744.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050747.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050756.html
http://secunia.com/advisories/42234
http://secunia.com/advisories/42237
http://www.mandriva.com/security/advisories?name=MDVSA-2011:034
http://www.securityfocus.com/bid/44752
http://www.vupen.com/english/advisories/2010/2964
https://bugzilla.redhat.com/show_bug.cgi?id=644554