CVE-2010-3378

Name of the Vulnerable Software and Affected Versions Scilab version 5.2.2

Description The issue allows local users to gain privileges via a Trojan horse shared library in the current working directory. This is due to the scilab, scilab-cli, and scilab-adv-cli scripts placing a zero-length directory name in the LD LIBRARY PATH.

Recommendations For Scilab version 5.2.2, consider restricting access to the LD LIBRARY PATH environment variable to prevent unauthorized modifications. As a temporary workaround, avoid using the scilab, scilab-cli, and scilab-adv-cli scripts until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.