CVE-2010-3377

Name of the Vulnerable Software and Affected Versions SALOME version 5.1.3

Description The issue allows local users to gain privileges via a Trojan horse shared library in the current working directory. This is due to the runSalome, runTestMedCorba, runLightSalome, and hxx2salome scripts placing a zero-length directory name in the LD LIBRARY PATH.

Recommendations For SALOME version 5.1.3, consider restricting access to the LD LIBRARY PATH environment variable to prevent unauthorized modifications. As a temporary workaround, avoid using the affected scripts until a patch is available. Restrict the execution of the runSalome, runTestMedCorba, runLightSalome, and hxx2salome scripts to minimize the risk of exploitation.