PT-2019-6557 · Gargoyle · Gargoyle

Published 2019-11-12 · Updated 2020-08-18 · CVE-2010-3359

CVSS v3.1: 4.8 (Medium)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: gargoyle-free versions prior to 2009-08-25

Description: The issue allows a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so, potentially gaining access to the user's account. This occurs when LD_LIBRARY_PATH is undefined.

Recommendations: For versions prior to 2009-08-25, define LD_LIBRARY_PATH so that it does not point to the current directory, or ensure that users are aware of the potential risk when running gargoyle in untrusted directories.
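
An added check, not part of the original advisory or of the gargoyle package: it counts the entries of an LD_LIBRARY_PATH value that the glibc loader resolves against the current directory (empty or relative entries) and shows a prepend that leaves no empty entry when the variable is undefined. The function names, the `/usr/lib/example` directory and the launcher-style assignment are assumptions made for illustration.

```sh
#!/bin/sh
# Count the entries of an LD_LIBRARY_PATH value that the loader resolves
# against the current working directory: empty entries (leading, trailing
# or doubled colon) and relative paths.
ldpath_cwd_entries() {
    value=$1
    count=0
    if [ -z "$value" ]; then      # unset or empty: no entries to check
        echo 0
        return 0
    fi
    rest="$value:"                # sentinel colon so the last entry is seen
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            /*) ;;                        # absolute path: not cwd-dependent
            *)  count=$((count + 1)) ;;   # "" or relative: resolves to cwd
        esac
    done
    echo "$count"
}

# Prepend a directory without creating an empty entry when the existing
# value is unset or empty.
ldpath_prepend() {
    dir=$1
    current=$2
    echo "$dir${current:+:$current}"
}

# Constructed sample: the inherited variable is undefined, as in the advisory.
inherited=""
risky="/usr/lib/example:$inherited"     # hypothetical launcher-style assignment
safe=$(ldpath_prepend /usr/lib/example "$inherited")
echo "risky='$risky' cwd entries: $(ldpath_cwd_entries "$risky")"
echo "safe='$safe' cwd entries: $(ldpath_cwd_entries "$safe")"
```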

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2010-3359

Affected Products

Gargoyle