CVE-2010-3382

Name of the Vulnerable Software and Affected Versions Tuning and Analysis Utilities (TAU) version 2.16.4

Description The issue allows local users to gain privileges via a Trojan horse shared library in the current working directory. This is due to tauex in Tuning and Analysis Utilities (TAU) placing a zero-length directory name in the LD LIBRARY PATH.

Recommendations For version 2.16.4, consider restricting access to the LD LIBRARY PATH environment variable to prevent malicious libraries from being loaded, until a patch is available. As a temporary workaround, avoid using tauex in environments where local users could potentially exploit this issue.