CVE-2010-3366

Name of the Vulnerable Software and Affected Versions Mn Fit version 5.13

Description The issue allows local users to gain privileges via a Trojan horse shared library in the current working directory. This is due to Mn Fit placing a zero-length directory name in the LD LIBRARY PATH.

Recommendations For Mn Fit version 5.13, consider restricting access to the LD LIBRARY PATH environment variable to prevent unauthorized modifications until a patch is available. As a temporary workaround, avoid using Mn Fit in environments where untrusted users can create files in the current working directory.