CVE-2010-3360

Name of the Vulnerable Software and Affected Versions Hipo version 0.6.1

Description The issue allows local users to gain privileges via a Trojan horse shared library in the current working directory. This is due to a zero-length directory name being placed in the LD LIBRARY PATH.

Recommendations For Hipo version 0.6.1, consider restricting access to the LD LIBRARY PATH environment variable to prevent malicious library loading until a patch is available. As a temporary workaround, avoid using the LD LIBRARY PATH variable with untrusted directories. At the moment, there is no information about a newer version that contains a fix for this vulnerability.