PT-2010-4784 · Ocf+1 · Ocf Resource Agents+1

Publicado

2010-10-20

Atualizado

2012-02-02

CVE-2010-3389

CVSS v2.0

6.9

Média

Vetor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions OCF Resource Agents versions 1.0.3

Description The issue allows local users to gain privileges via a Trojan horse shared library in the current working directory. This is due to the SAPDatabase and SAPInstance scripts in OCF Resource Agents placing a zero-length directory name in the LD LIBRARY PATH.

Recommendations For OCF Resource Agents version 1.0.3, consider restricting access to the LD LIBRARY PATH environment variable to prevent malicious library loading. As a temporary workaround, avoid using the SAPDatabase and SAPInstance scripts until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2010-3389

RHSA-2011:0264

RHSA-2011:1000

RHSA-2011:1580

RHSA-2011_1000

RHSA-2011_1580

Produtos afetados

Ocf Resource Agents

Red Hat

PT-2010-4784 · Ocf+1 · Ocf Resource Agents+1

CVE-2010-3389

Identificadores relacionados

Produtos afetados

Referências · 12